Sidhax

#17189 of 53,633
15.6 Total CVSS
Vulnerabilities · 2
High
2
PT-2018-2686
7.5
2018-12-06
Civetweb · Civetweb · CVE-2019-3821
**Name of the Vulnerable Software and Affected Versions**
CivetWeb (affected versions not specified)

**Description**
The issue is related to resource management errors in the CivetWeb web server. It can be exploited by a remote attacker to cause a denial of service. Specifically, when CivetWeb is used as a frontend for a Ceph RGW server with SSL enabled, an unauthenticated attacker can create multiple connections to the Ceph RADOS gateway, exhausting file descriptors for the ceph-radosgw service and resulting in a remote denial of service.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2018-10440
8.1
2018-09-11
Red Hat · Red Hat Gluster Storage · CVE-2018-1127
**Name of the Vulnerable Software and Affected Versions**
Red Hat Gluster Storage versions prior to 3.4.0

**Description**
The issue allows attackers to replay session tokens and authenticate as the target user. This can occur when session tokens remain active for a few minutes after a user logs out, enabling attackers to use tokens acquired via sniffing or man-in-the-middle (MITM) attacks.

**Recommendations**
For versions prior to 3.4.0, update to version 3.4.0 or later to resolve the issue.