7.5

CVE-2016-9579

Exploit

A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatCeph Storage Version1.3
RedhatCeph Storage Mon Version1.3
RedhatCeph Storage Mon Version2
RedhatCeph Storage Osd Version1.3
RedhatCeph Storage Osd Version2
RedhatCeph Storage Version2.0
   CanonicalUbuntu Linux Version16.04 SwEditionlts
   RedhatEnterprise Linux Version7.0
RedhatCeph Storage Version1.3
   CanonicalUbuntu Linux Version14.04 SwEditionlts
   RedhatEnterprise Linux Version7.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 18.59% 0.951
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
secalert@redhat.com 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://tracker.ceph.com/issues/18187
Patch
Vendor Advisory
Exploit
http://www.securityfocus.com/bid/94936
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9579
Third Party Advisory
Exploit
Issue Tracking