CVE-2019-19337

Name of the Vulnerable Software and Affected Versions Red Hat Ceph Storage version 3

Description A flaw was found in the way the Ceph RADOS Gateway daemon handles S3 requests, allowing an authenticated attacker to cause a remote denial of service by sending a specially crafted HTTP Content-Length header to the Ceph RADOS Gateway server.

Recommendations For Red Hat Ceph Storage version 3, consider restricting access to the Ceph RADOS Gateway server until a fix is available, and avoid using specially crafted HTTP Content-Length headers. At the moment, there is no information about a newer version that contains a fix for this vulnerability.