Lucene search

[email protected]CVE-2019-3821

HistoryMar 27, 2019 - 1:29 p.m.

CVE-2019-3821

2019-03-2713:29:01

CWE-772

[email protected]

web.nvd.nist.gov

flaw

civetweb

frontend

ceph rgw

ssl

denial of service

nvd

cve-2019-3821

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.009 Low

EPSS

Percentile

82.3%

JSON

A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exhaust file descriptors for ceph-radosgw service resulting in a remote denial of service.

Affected configurations

NVD

Node

cephcivetwebMatch-

Node

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch18.10

canonicalubuntu_linuxMatch19.04

CPENameOperatorVersion
ceph:civetwebceph civetwebeq-

CPE	Name	Operator	Version
ceph:civetweb	ceph civetweb	eq	-

CNA Affected

[
  {
    "product": "ceph",
    "vendor": "[UNKNOWN]",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]