CVE-2015-5245
Description
CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name.
Risk Information
Base Score
9.1
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS Score
Exploitation Probability
0.361
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2015:2066) Moderate: Red Hat Ceph Storage 1.3.1 security, bug fix, and enhancement update hiera-1.3.1-2.el7.noarch.rpm | Linux |
| (RHSA-2015:2066) Moderate: Red Hat Ceph Storage 1.3.1 security, bug fix, and enhancement update ruby-augeas-0.5.0-1.el7.x86_64.rpm | Linux |
| (RHSA-2015:2066) Moderate: Red Hat Ceph Storage 1.3.1 security, bug fix, and enhancement update ruby-shadow-1.4.1-21.el7.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234