Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2021-3531

Published: 18/05/2021 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Redhat

Vulnerability Summary

A flaw was found in the Red Hat Ceph Storage RGW in versions prior to 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

redhat ceph storage 4.0

redhat ceph

fedoraproject fedora 32

fedoraproject fedora 33

fedoraproject fedora 34

Vendor Advisories

Red Hat: Moderate: Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update
Synopsis Moderate: Red Hat Ceph Storage 51 Security, Enhancement, and Bug Fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat Ceph Storage 51 is now availableRed Hat Product Security has rated this update ...
Debian CVElist Bug Report Logs: ceph: CVE-2021-3531
Debian Bug report logs - #988890 ceph: CVE-2021-3531 Package: src:ceph; Maintainer for src:ceph is Ceph Packaging Team <team+ceph@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 20 May 2021 19:12:01 UTC Severity: grave Tags: security, upstream Found in version ceph/14220-2 ...
Arch Linux Issues:
A security issue was found in the Red Hat Ceph Storage RGW before version 15212 When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service ...

Mailing Lists

Full Disclosure: Re: CVE-2021-3531: Ceph: RGW unauthenticated denial of service
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Re: CVE-2021-3531: Ceph: RGW unauthenticated denial of service <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: An ...

References

CWE-617https://bugzilla.redhat.com/show_bug.cgi?id=1955326http://www.openwall.com/lists/oss-security/2021/05/14/5http://www.openwall.com/lists/oss-security/2021/05/17/7https://lists.debian.org/debian-lts-announce/2023/10/msg00034.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LPCJN2YDZCBMF4FOJXSTAADKFGEQEO7O/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FX5ZHI5L7FOHXOSEV3TYBAL66DMLJ7V5/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZRUNDH2TJRZRWL3DCH2PQ6KROWTPQ7AJ/https://access.redhat.com/errata/RHSA-2022:1174https://nvd.nist.govhttps://security.archlinux.org/CVE-2021-3531
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook