CVE-2019-10222

Published: 08/11/2019 Updated: 23/10/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients.

Vulnerable Product

ceph ceph -

redhat ceph storage 3.0

redhat ceph storage 3.3

fedoraproject fedora 30

fedoraproject fedora 31

Vendor Advisories

Synopsis Important: ceph security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat Ceph Storage 3.3 on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS ...
Synopsis Important: ceph security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat Ceph Storage 3.3 on Ubuntu 16.04. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, ...
Debian Bug report logs - #936015 ceph: CVE-2019-10222 Package: src:ceph; Maintainer for src:ceph is Ceph Maintainers <ceph-maintainers@lists.ceph.com>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 29 Aug 2019 05:33:02 UTC Severity: grave Tags: security, upstream Found in version ceph/12211+dfsg ...
Ceph could be made to crash if it received specially crafted network traffic ...
Impact: Important Public Date: 2019-08-28 CWE: CWE-400 Bugzilla: 1739292: CVE-2019-10222 ceph: Unauthen ...
An improper exception condition handling in Ceph allows any single unauthenticated client to crash the RGW component of Ceph by sending a specially crafted HTTP request, which leads to denial of service. The vulnerability affects the RGW component of Ceph, specifically the ceph-radosgw ...

Mailing Lists

oss-sec mailing list archives: CVE-2019-10222: ceph: unauthenticated clients can crash RGW From: Alexa ...

Github Repositories

This repo contains the published reports

Please submit your encrypted report as a GitHub issue. Thank you. Full Disclosure published reports 2023 FDEU-CVE-2023-77dc - Mezon SWC-9200 router is vulnerable to remote code execution FDEU-CVE-2023-60ab - Registru Centras GoSign digital signature middleware insecure architecture FDEU-CVE-2023-5ef0 - VeroCafe insecure mobile application 2022 CVE-2021-44827 - TP-Li