CVE-2019-10222

Published: 08/11/2019 Updated: 23/10/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients.

Vulnerable Product

ceph ceph -

redhat ceph storage 3.0

redhat ceph storage 3.3

fedoraproject fedora 30

fedoraproject fedora 31

Vendor Advisories

Ceph could be made to crash if it received specially crafted network traffic ...
Debian Bug report logs - #936015 ceph: CVE-2019-10222 Package: src:ceph; Maintainer for src:ceph is Ceph Maintainers <ceph-maintainers@lists.ceph.com>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 29 Aug 2019 05:33:02 UTC Severity: grave Tags: security, upstream Found in version ceph/12.2.11+dfsg ...
Synopsis: Important: ceph security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat Ceph Storage 3.3 on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS ...
Synopsis: Important: ceph security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat Ceph Storage 3.3 on Ubuntu 16.04. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, ...
Impact: Important Public Date: 2019-08-28 CWE: CWE-400 Bugzilla: 1739292: CVE-2019-10222 ceph: Unauthen ...
An improper exception condition handling in Ceph allows any single unauthenticated client to crash the RGW component of Ceph by sending a specially crafted HTTP request, which leads to denial of service. The vulnerability affects the RGW component of Ceph, specifically the ceph-radosgw ...

Mailing Lists

Hi all, an improper exception handling was found in RGW component of Ceph. Please find the details below. CVE-2019-10222: ceph: unauthenticated clients can crash RGW. Affected versions: Nautilus (version 14.2.X); Mimic (version 13.2.X); Luminous (version 12.2.X) only if an experimental feature is enabled in ceph.conf: enable_experimental_unrecove ...

Github Repositories

This repo contains the published reports

Please submit your encrypted report as a GitHub issue. Thank you. Full Disclosure published reports: 2023: FDEU-CVE-2023-77dc - Mezon SWC-9200 router is vulnerable to remote code execution; FDEU-CVE-2023-60ab - Registru Centras GoSign digital signature middleware insecure architecture; FDEU-CVE-2023-5ef0 - VeroCafe insecure mobile application. 2022: CVE-2021-44827 - TP-Li