CVE-2016-8626
- EPSS 2.87%
- Published 31.07.2018 19:29:00
- Last modified 21.11.2024 02:59:42
A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests.
CVE-2018-1128
- EPSS 1.27%
- Published 10.07.2018 14:29:00
- Last modified 21.11.2024 03:59:14
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authen...
CVE-2018-7262
- EPSS 0.67%
- Published 19.03.2018 21:29:01
- Last modified 21.11.2024 04:11:53
In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.
CVE-2017-16818
- EPSS 0.36%
- Published 20.12.2017 17:29:00
- Last modified 20.04.2025 01:37:25
RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, r...
CVE-2016-5009
- EPSS 1.36%
- Published 12.07.2016 19:59:06
- Last modified 12.04.2025 10:46:40
The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix.
CVE-2015-5245
- EPSS 0.36%
- Published 03.12.2015 20:59:05
- Last modified 12.04.2025 10:46:40
CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name.