Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv3

CVE-2021-3524

Published: 17/05/2021 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Redhat

Vulnerability Summary

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions prior to 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \r as a header separator, thus a new flaw has been created.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

redhat ceph storage 4.0

redhat ceph

fedoraproject fedora 32

fedoraproject fedora 33

fedoraproject fedora 34

debian debian linux 9.0

Vendor Advisories

Debian CVElist Bug Report Logs: ceph: CVE-2021-3524
Debian Bug report logs - #988889 ceph: CVE-2021-3524 Package: src:ceph; Maintainer for src:ceph is Ceph Packaging Team <team+ceph@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 20 May 2021 19:09:06 UTC Severity: grave Tags: security, upstream Found in version ceph/14220-2 ...
Red Hat: Moderate: Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update
Synopsis Moderate: Red Hat Ceph Storage 51 Security, Enhancement, and Bug Fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat Ceph Storage 51 is now availableRed Hat Product Security has rated this update ...
Red Hat: Moderate: Red Hat Ceph Storage 4.3 Security and Bug Fix update
Synopsis Moderate: Red Hat Ceph Storage 43 Security and Bug Fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic New packages for Red Hat Ceph Storage 43 are now available on Red Hat Enterprise Linux 85Red Hat Pr ...
Red Hat: CVE-2021-3524
No description is available for this CVE ...
Arch Linux Issues:
A security issue was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made In addition, the pr ...

References

CWE-74https://bugzilla.redhat.com/show_bug.cgi?id=1951674https://lists.debian.org/debian-lts-announce/2021/08/msg00013.htmlhttps://lists.debian.org/debian-lts-announce/2023/10/msg00034.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LPCJN2YDZCBMF4FOJXSTAADKFGEQEO7O/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FX5ZHI5L7FOHXOSEV3TYBAL66DMLJ7V5/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZRUNDH2TJRZRWL3DCH2PQ6KROWTPQ7AJ/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988889https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2021-3524
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991CVE-2024-32674path traversalCVE-2023-21987denial of servicedosCVE-2024-4647CVE-2024-25519CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook