CVE(CAN) ID: CVE-2 0 1 5-5 2 4 5
The Ceph Object Gateway is constructed in the librados on top of the object storage interface, you can make the application through a RESTful gateway to access the distributed storage system Ceph Storage Clusters.
Ceph 0.94.4 before the version, Ceph Object Gateway, the presence of a CRLF injection vulnerability, a remote attacker by constructing the bucket name, to inject arbitrary HTTP headers and perform HTTP response to isolated attacks.
<source: RedHat >
Ceph \ ---- The current vendors have released an upgrade patch to fix this security issue, please go to the manufacturers home page download: