Lucene search
RedhatCVELIST:CVE-2021-3524HistoryMay 17, 2021 - 12:00 a.m.
CVE-2021-3524
2021-05-1700:00:00
CWE-20
redhat
raw.githubusercontent.com
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \r as a header separator, thus a new flaw has been created.
Related
openvas
openvas
Huawei EulerOS: Security Advisory for ceph-common (EulerOS-SA-2022-1525)
2022-04-25 00:00:00
Huawei EulerOS: Security Advisory for ceph-common (EulerOS-SA-2023-1058)
2023-01-09 00:00:00
Huawei EulerOS: Security Advisory for ceph-common (EulerOS-SA-2022-1708)
2022-05-25 00:00:00
nessus
nessus
EulerOS 2.0 SP3 : ceph-common (EulerOS-SA-2022-1708)
2022-05-27 00:00:00
EulerOS Virtualization 3.0.2.6 : ceph-common (EulerOS-SA-2023-1058)
2023-01-06 00:00:00
EulerOS 2.0 SP5 : ceph-common (EulerOS-SA-2022-1525)
2022-04-25 00:00:00
alpinelinux
alpinelinux
CVE-2021-3524
2021-05-17 17:15:00
CVE-2020-10753
2020-06-26 15:15:00
osv
osv
CVE-2021-3524
2021-05-17 17:15:08
CVE-2020-10753
2020-06-26 15:15:11
ceph - security update
2021-08-09 00:00:00
ubuntucve
ubuntucve
CVE-2021-3524
2021-05-17 00:00:00
CVE-2020-10753
2020-06-26 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2021-05-23 06:05:56
HTTP Header Injection
2020-07-21 04:06:57
prion
prion
Design/Logic Flaw
2021-05-17 17:15:00
Design/Logic Flaw
2020-06-26 15:15:00
cve
cve
CVE-2021-3524
2021-05-17 17:15:00
CVE-2020-10753
2020-06-26 15:15:00
debiancve
debiancve
CVE-2021-3524
2021-05-17 17:15:00
CVE-2020-10753
2020-06-26 15:15:00
freebsd
freebsd
ceph14 -- HTTP header injection via CORS ExposeHeader tag
2020-05-27 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: ceph-14.2.10-1.fc32
2020-07-06 01:02:55
[SECURITY] Fedora 32 Update: ceph-14.2.21-1.fc32
2021-05-23 01:30:06
[SECURITY] Fedora 33 Update: ceph-15.2.12-1.fc33
2021-05-23 01:10:52
redhatcve
redhatcve
CVE-2020-10753
2020-06-25 19:22:59
CVE-2021-3524
2021-04-30 17:43:00
redhat
redhat
(RHSA-2020:3505) Moderate: Red Hat Ceph Storage 3.3 Security update
2020-08-18 17:48:48
suse
suse
Security update for ceph (important)
2020-06-29 00:00:00
Security update for ceph (important)
2021-06-04 00:00:00
Security update for ceph (important)
2021-07-11 00:00:00
cvelist
cvelist
CVE-2020-10753
2020-06-26 00:00:00
debian
debian
[SECURITY] [DLA 2735-1] ceph security update
2021-08-10 22:05:27
[SECURITY] [DLA 3629-1] ceph security update
2023-10-23 17:00:09
archlinux
archlinux
[ASA-202105-3] ceph: multiple issues
2021-05-19 00:00:00
[ASA-202011-22] ceph: multiple issues
2020-11-26 00:00:00
ubuntu
ubuntu
Ceph vulnerabilities
2020-09-22 00:00:00
Ceph vulnerabilities
2021-01-28 00:00:00
Ceph vulnerabilities
2021-11-01 00:00:00
mageia
mageia
Updated ceph packages fix a security vulnerability
2021-05-27 16:43:31
gentoo
gentoo
Ceph: Multiple vulnerabilities
2021-05-26 00:00:00