CVE-2019-10222

Published: Nov 8, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients.

Affected (5)

Products: Ceph: Ceph · Redhat: Ceph Storage · Fedoraproject: Fedora

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ceph Ceph	All versions

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Ceph Storage	Version 3.0
Redhat Ceph Storage	Version 3.3

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 30
Fedoraproject Fedora	Version 31

Related CWEs

Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

References (6)

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10222

Source: secalert@redhat.com

Issue TrackingMitigationPatchVendor Advisory

https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html

Source: secalert@redhat.com

https://tracker.ceph.com/issues/40018

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10222

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingMitigationPatchVendor Advisory

https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://tracker.ceph.com/issues/40018

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.