Vulnerability CVE-2019-10222


Published: 2019-11-08   Modified: 2019-11-11

Description:
A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients.

Type:
CWE-400 (Uncontrolled Resource Consumption ('Resource Exhaustion'))

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

Affected software
Redhat -> Ceph storage 
Fedoraproject -> Fedora 
CEPH -> CEPH 

 References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10222
https://tracker.ceph.com/issues/40018

Copyright 2024, cxsecurity.com

 
