Lucene search
Redhat.comRH:CVE-2020-1700HistoryJan 31, 2020 - 5:39 p.m.
CVE-2020-1700
2020-01-3117:39:13
redhat.com
access.redhat.com
11
0.004 Low
EPSS
Percentile
72.9%
A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources, preventing legitimate users from connecting to the system.
Mitigation
If Beast front end is in use, switch to CivetWeb to mitigate the issue. The following is an example of the /etc/ceph/ceph.conf file:
<snip>
…
[client.rgw.node1]
rgw frontends = civetweb
…
</snip>
Related
ubuntucve
ubuntucve
CVE-2020-1700
2020-01-31 00:00:00
nvd
nvd
CVE-2020-1700
2020-02-07 21:15:10
alpinelinux
alpinelinux
CVE-2020-1700
2020-02-07 21:15:10
openvas
openvas
Ubuntu: Security Advisory (USN-4304-1)
2020-03-18 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:0296-1)
2021-06-09 00:00:00
openSUSE: Security Advisory for ceph (openSUSE-SU-2020:0187-1)
2020-02-09 00:00:00
prion
prion
Design/Logic Flaw
2020-02-07 21:15:00
cvelist
cvelist
CVE-2020-1700
2020-02-07 00:00:00
cve
cve
CVE-2020-1700
2020-02-07 21:15:10
debiancve
debiancve
CVE-2020-1700
2020-02-07 21:15:10
ubuntu
ubuntu
Ceph vulnerability
2020-03-17 00:00:00
veracode
veracode
Information Disclosure
2020-08-06 21:36:41
nessus
nessus
Ubuntu 18.04 LTS : Ceph vulnerability (USN-4304-1)
2020-03-18 00:00:00
SUSE SLED15 / SLES15 Security Update : ceph (SUSE-SU-2020:0296-1)
2020-02-03 00:00:00
openSUSE Security Update : ceph (openSUSE-2020-187)
2020-02-10 00:00:00
suse
suse
Security update for ceph (moderate)
2020-02-08 00:00:00
debian
debian
[SECURITY] [DLA 3629-1] ceph security update
2023-10-23 16:59:44
osv
osv
ceph - security update
2023-10-23 00:00:00