PT-2018-17983 · Red Hat+2 · Ceph+2

Sam Fowler

Published

2018-03-07

Updated

2019-02-04

CVE-2018-7262

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Ceph versions prior to 12.2.3 Ceph versions 13.x through 13.0.1

Description The issue arises from the improper handling of malformed HTTP headers by the rgw civetweb.cc RGWCivetWeb::init env function in radosgw, leading to a denial of service.

Recommendations For versions prior to 12.2.3, update to version 12.2.3 or later. For versions 13.x through 13.0.1, update to a version later than 13.0.1. As a temporary workaround, consider restricting access to the radosgw service to minimize the risk of exploitation.

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2018-1391

CVE-2018-7262

OPENSUSE-SU-2018_1470-1

OPENSUSE-SU-2018_2479-1

RHSA-2018:0546

SUSE-SU-2018:1417-1

SUSE-SU-2018:1576-1

SUSE-SU-2018:2299-1

Affected Products

Alt Linux

Ceph

Suse

PT-2018-17983 · Red Hat+2 · Ceph+2

CVE-2018-7262

Weakness Enumeration

Related Identifiers

Affected Products

References · 46