Ceph: RGW returns requested bucket name raw in Bucket response header
A feature in Ceph Object Gateway RGW allows to return a specific HTTP header that contains the name of a bucket that was accessed. It was found that the returned HTTP headers were not sanitized. An unauthenticated attacker could use this flaw to craft HTTP headers in responses that would confuse...