CVE-2019-19337
Description
A flaw was found in Red Hat Ceph Storage version 3 in the way the Ceph RADOS Gateway daemon handles S3 requests. An authenticated attacker can abuse this flaw by causing a remote denial of service by sending a specially crafted HTTP Content-Length header to the Ceph RADOS Gateway server.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.552
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2019:4353) Red Hat Ceph Storage security, bug fix, and enhancement update ceph-ansible-3.2.38-1.el7cp.noarch.rpm | Linux |
| (RHSA-2019:4353) Red Hat Ceph Storage security, bug fix, and enhancement update ceph-base-12.2.12-84.el7cp.x86_64.rpm | Linux |
| (RHSA-2019:4353) Red Hat Ceph Storage security, bug fix, and enhancement update ceph-common-12.2.12-84.el7cp.x86_64.rpm | Linux |
| (RHSA-2019:4353) Red Hat Ceph Storage security, bug fix, and enhancement update ceph-fuse-12.2.12-84.el7cp.x86_64.rpm | Linux |
| (RHSA-2019:4353) Red Hat Ceph Storage security, bug fix, and enhancement update ceph-mds-12.2.12-84.el7cp.x86_64.rpm | Linux |
| (RHSA-2019:4353) Red Hat Ceph Storage security, bug fix, and enhancement update ceph-radosgw-12.2.12-84.el7cp.x86_64.rpm | Linux |
| (RHSA-2019:4353) Red Hat Ceph Storage security, bug fix, and enhancement update ceph-selinux-12.2.12-84.el7cp.x86_64.rpm | Linux |
| (RHSA-2019:4353) Red Hat Ceph Storage security, bug fix, and enhancement update cephmetrics-ansible-2.0.9-1.el7cp.x86_64.rpm | Linux |
| (RHSA-2019:4353) Red Hat Ceph Storage security, bug fix, and enhancement update libcephfs-devel-12.2.12-84.el7cp.x86_64.rpm | Linux |
| (RHSA-2019:4353) Red Hat Ceph Storage security, bug fix, and enhancement update libcephfs2-12.2.12-84.el7cp.x86_64.rpm | Linux |
| (RHSA-2019:4353) Red Hat Ceph Storage security, bug fix, and enhancement update librados-devel-12.2.12-84.el7cp.x86_64.rpm | Linux |
| (RHSA-2019:4353) Red Hat Ceph Storage security, bug fix, and enhancement update librados2-12.2.12-84.el7cp.x86_64.rpm | Linux |
| (RHSA-2019:4353) Red Hat Ceph Storage security, bug fix, and enhancement update libradosstriper1-12.2.12-84.el7cp.x86_64.rpm | Linux |
| (RHSA-2019:4353) Red Hat Ceph Storage security, bug fix, and enhancement update librbd-devel-12.2.12-84.el7cp.x86_64.rpm | Linux |
| (RHSA-2019:4353) Red Hat Ceph Storage security, bug fix, and enhancement update librbd1-12.2.12-84.el7cp.x86_64.rpm | Linux |
| (RHSA-2019:4353) Red Hat Ceph Storage security, bug fix, and enhancement update librgw-devel-12.2.12-84.el7cp.x86_64.rpm | Linux |
| (RHSA-2019:4353) Red Hat Ceph Storage security, bug fix, and enhancement update librgw2-12.2.12-84.el7cp.x86_64.rpm | Linux |
| (RHSA-2019:4353) Red Hat Ceph Storage security, bug fix, and enhancement update python-cephfs-12.2.12-84.el7cp.x86_64.rpm | Linux |
| (RHSA-2019:4353) Red Hat Ceph Storage security, bug fix, and enhancement update python-rados-12.2.12-84.el7cp.x86_64.rpm | Linux |
| (RHSA-2019:4353) Red Hat Ceph Storage security, bug fix, and enhancement update python-rbd-12.2.12-84.el7cp.x86_64.rpm | Linux |
| (RHSA-2019:4353) Red Hat Ceph Storage security, bug fix, and enhancement update python-rgw-12.2.12-84.el7cp.x86_64.rpm | Linux |
| (RHSA-2019:4353) Red Hat Ceph Storage security, bug fix, and enhancement update rbd-mirror-12.2.12-84.el7cp.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234