Published: 03/10/2016 Updated: 28/11/2016

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

The RGW code in Ceph prior to 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote malicious users to list the bucket contents via a URL.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ceph project ceph
redhat ceph storage

Several security issues were fixed in Ceph ...

Synopsis Moderate: Red Hat Ceph Storage 133 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic Red Hat Ceph Storage 133 that fixes one security issue, multiple bugs, and adds various enhancements is now available for UbuntuRed Hat Product Security has rated this u ...

Synopsis Moderate: Red Hat Ceph Storage 133 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic Red Hat Ceph Storage 133 that fixes one security issue, multiple bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 7Red Hat Product Secur ...

Debian Bug report logs - #849048 ceph: CVE-2016-9579 Package: src:ceph; Maintainer for src:ceph is Ceph Maintainers <ceph-maintainers@listscephcom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 22 Dec 2016 05:51:02 UTC Severity: important Tags: security, upstream Found in versions ceph/08011- ...

Debian Bug report logs - #844200 ceph: CVE-2016-8626: RGW Denial of Service by sending POST object with null conditions Package: src:ceph; Maintainer for src:ceph is Ceph Maintainers <ceph-maintainers@listscephcom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 13 Nov 2016 10:12:02 UTC Severity: ...

Debian Bug report logs - #829661 ceph: CVE-2016-5009: Ceph monitor crash: mon_command crashes ceph monitors on receiving empty prefix Package: src:ceph; Maintainer for src:ceph is Ceph Maintainers <ceph-maintainers@listscephcom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 5 Jul 2016 06:12:11 U ...

Debian Bug report logs - #838026 ceph: CVE-2016-7031: rgw: Anonymous user is able to read bucket with authenticated read ACL Package: src:ceph; Maintainer for src:ceph is Ceph Maintainers <ceph-maintainers@listscephcom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 16 Sep 2016 15:15:01 UTC Sever ...

A flaw was found in Ceph RGW code which allows an anonymous user to list contents of RGW bucket by bypassing ACL which should only allow authenticated users to list contents of bucket ...

CWE-200 CWE-254 http://rhn.redhat.com/errata/RHSA-2016-1973.html http://tracker.ceph.com/issues/13207 http://rhn.redhat.com/errata/RHSA-2016-1972.html http://docs.ceph.com/docs/master/release-notes/#v10-0-1 https://github.com/ceph/ceph/pull/6057 http://www.securityfocus.com/bid/93240 https://usn.ubuntu.com/3452-1/https://nvd.nist.gov

CVE-2016-7031

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect