113 matches found
CVE-2015-5245
CRLF injection vulnerability in the Ceph Object Gateway aka radosgw or RGW in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name...
CVE-2015-5245
CRLF injection vulnerability in the Ceph Object Gateway aka radosgw or RGW in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name...
DEBIAN-CVE-2015-5245
CRLF injection vulnerability in the Ceph Object Gateway aka radosgw or RGW in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name...
CVE-2015-5245
CRLF injection vulnerability in the Ceph Object Gateway aka radosgw or RGW in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name...
UBUNTU-CVE-2015-5245
CRLF injection vulnerability in the Ceph Object Gateway aka radosgw or RGW in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name...
CVE-2015-5245
CRLF injection vulnerability in the Ceph Object Gateway aka radosgw or RGW in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name...
CVE-2015-5245
Ceph Object Gateway (RGW) is affected by a CRLF injection vulnerability caused by improper validation of user-supplied input. This allows a remote attacker to inject arbitrary HTTP headers and conduct HTTP response splitting via a crafted bucket name, affecting Ceph versions before 0.94.4. Remedi...
CVE-2015-5245
CRLF injection vulnerability in the Ceph Object Gateway aka radosgw or RGW in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name...
RHEL 7 : Red Hat Ceph Storage 1.3.1 (RHSA-2015:2066)
Red Hat Ceph Storage 1.3.1 that fixes one security issue, multiple bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which...
Ceph: RGW returns requested bucket name raw in Bucket response header
A feature in Ceph Object Gateway RGW allows to return a specific HTTP header that contains the name of a bucket that was accessed. It was found that the returned HTTP headers were not sanitized. An unauthenticated attacker could use this flaw to craft HTTP headers in responses that would confuse...
Ceph: RGW returns requested bucket name raw in Bucket response header
A feature in Ceph Object Gateway RGW allows to return a specific HTTP header that contains the name of a bucket that was accessed. It was found that the returned HTTP headers were not sanitized. An unauthenticated attacker could use this flaw to craft HTTP headers in responses that would confuse...
Moderate: Red Hat Security Advisory: Red Hat Ceph Storage 1.3.1 security, bug fix, and enhancement update
Red Hat Ceph Storage 1.3.1 that fixes one security issue, multiple bugs, and adds various enhancements is now available for Ubuntu 14.04. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detaile...
PT-2015-6814 · Red Hat +1 · Ceph +1
Name of the Vulnerable Software and Affected Versions: Ceph versions prior to 0.94.4 Description: The issue allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name. This is related to a CRLF injection vulnerability in the Ceph...