CVE-2019-3821

Published: Mar 27, 2019Modified: May 5, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exhaust file descriptors for ceph-radosgw service resulting in a remote denial of service.

Affected (4)

Products: Ceph: Civetweb · Canonical: Ubuntu Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ceph Civetweb	Before 1.11

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.10
Canonical Ubuntu Linux	Version 19.04

Related CWEs

Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

References (6)

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3821

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://github.com/ceph/civetweb/pull/33

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://usn.ubuntu.com/4035-1/

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3821

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://github.com/ceph/civetweb/pull/33

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://usn.ubuntu.com/4035-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.