PT-2018-17983 · Red Hat+2 · Ceph+2

Sam Fowler

Publicado

2018-03-07

Atualizado

2019-02-04

CVE-2018-7262

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Ceph versions prior to 12.2.3 Ceph versions 13.x through 13.0.1

Description The issue arises from the improper handling of malformed HTTP headers by the rgw civetweb.cc RGWCivetWeb::init env function in radosgw, leading to a denial of service.

Recommendations For versions prior to 12.2.3, update to version 12.2.3 or later. For versions 13.x through 13.0.1, update to a version later than 13.0.1. As a temporary workaround, consider restricting access to the radosgw service to minimize the risk of exploitation.

Correção

DoS

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

ALT-PU-2018-1391

CVE-2018-7262

OPENSUSE-SU-2018_1470-1

OPENSUSE-SU-2018_2479-1

RHSA-2018:0546

SUSE-SU-2018:1417-1

SUSE-SU-2018:1576-1

SUSE-SU-2018:2299-1

Produtos afetados

Alt Linux

Ceph

Suse

PT-2018-17983 · Red Hat+2 · Ceph+2

CVE-2018-7262

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 46