Redhat: >> Ceph >> 0.94.3.1 Security Vulnerabilities
A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests.
CVSS Score
6.5
EPSS Score
0.029
Published
2018-07-31
In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.
CVSS Score
7.5
EPSS Score
0.014
Published
2018-03-19
The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix.
CVSS Score
6.5
EPSS Score
0.014
Published
2016-07-12
Page 2