PT-2019-3228 · Ceph+3 · Ceph Rgw+3

Ali Maredia

Published

2019-08-28

Updated

2024-02-10

CVE-2019-10222

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Ceph RGW (affected versions not specified)

Description The issue is related to an uncontrolled resource consumption in the Ceph RGW configuration. An attacker could exploit this by sending valid HTTP headers and then terminating the connection, resulting in a denial of service for Ceph RGW clients. This could be done by an unauthenticated attacker acting remotely.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Improper Handling of Exceptional Conditions

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-755CWE-400

Related Identifiers

ALT-PU-2019-2841

ALT-PU-2019-2855

BDU:2019-03217

CVE-2019-10222

DLA-3629-1

OPENSUSE-SU-2024:10676-1

RHSA-2019:2577

SUSE-SU-2019:2247-1

SUSE-SU-2019:2736-1

SUSE-SU-2019:2994-1

SUSE-SU-2019_2247-1

SUSE-SU-2019_2736-1

USN-4112-1

Affected Products

Alt Linux

Ceph Rgw

Suse

Ubuntu

PT-2019-3228 · Ceph+3 · Ceph Rgw+3

CVE-2019-10222

Weakness Enumeration

Related Identifiers

Affected Products

References · 52