rpm package
suse/ceph&distro=SUSE Enterprise Storage 3
pkg:rpm/suse/ceph&distro=SUSE%20Enterprise%20Storage%203
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-9579 | — | | | < 10.2.10+git.1510313171.6d5f0aeac1-13.7.3 | 10.2.10+git.1510313171.6d5f0aeac1-13.7.3 | Aug 1, 2018 | A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP reque |
| CVE-2016-8626 | — | | | < 10.2.5+git.1485186288.4e3c6c4-12.2 | 10.2.5+git.1485186288.4e3c6c4-12.2 | Jul 31, 2018 | A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests. |
| CVE-2017-7519 | — | | | < 10.2.10+git.1510313171.6d5f0aeac1-13.7.3 | 10.2.10+git.1510313171.6d5f0aeac1-13.7.3 | Jul 27, 2018 | In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application or service using the libradosstriper library. |
| CVE-2016-5009 | Med | 6.5 | | < 10.2.3+git.1475228057.755cf99-7.3 | 10.2.3+git.1475228057.755cf99-7.3 | Jul 12, 2016 | The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix. |