6 matches found
PT-2026-56468
Name of the Vulnerable Software and Affected Versions SeaweedFS versions prior to 4.34 Description The S3 API gateway fails to properly validate input in the X-Amz-Copy-Source header used by the CopyObject and UploadPartCopy functions. This improper validation allows the use of dot-dot path...
rgw: RGW DoS attack with empty HTTP header in S3 object copy
A flaw was found in Ceph RGW. Using the x-amz-copy-source header to upload an empty object will cause Ceph RGW to crash, leading to availability issues...
Astra Linux – Vulnerability in Ceph
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the x-amz-copy-source argument to copy an object and specifying an empty string as its content resulted in the RGW daemon crashing, leading to a DoS attack. As of the time of publication,...
CVE-2024-47866 RGW DoS attack with empty HTTP header in S3 object copy
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...
EUVD-2024-55069
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...
rgw: RGW DoS attack with empty HTTP header in S3 object copy
A flaw was found in Ceph RGW. Using the x-amz-copy-source header to upload an empty object will cause Ceph RGW to crash, leading to availability issues...