CRLF Injection

🗓️ 15 Jan 2019 09:08:17Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 13 Views

Ceph vulnerability to CRLF injection attacks via crafted bucket nam

Reporter	Title	Published	Views	Family All 20
IBM Security Bulletins	Security Bulletin: A vulnerability in Ceph affects PowerKVM (CVE-2015-5245)	18 Jun 201801:33	–	ibm
CNVD	Ceph Object Gateway CRLF Vulnerability	4 Dec 201500:00	–	cnvd
CVE	CVE-2015-5245	3 Dec 201520:00	–	cve
Cvelist	CVE-2015-5245	3 Dec 201520:00	–	cvelist
Debian CVE	CVE-2015-5245	3 Dec 201520:00	–	debiancve
EUVD	EUVD-2015-5237	7 Oct 202500:30	–	euvd
NVD	CVE-2015-5245	3 Dec 201520:59	–	nvd
OSV	DEBIAN-CVE-2015-5245	3 Dec 201520:59	–	osv
OSV	RHSA-2015:2066 Red Hat Security Advisory: Red Hat Ceph Storage 1.3.1 security, bug fix, and enhancement update	13 Sep 202410:38	–	osv
OSV	SUSE-SU-2016:0806-1 Security update for ceph	17 Mar 201614:39	–	osv

Vulners

Node

puppet facterMatch1.7.4_1.el7

ceph cephMatch0.80.8_17.el7cp

ceph cephMatch0.80.8_16.el7cp

ceph cephMatch0.80.5_1.el7ost

ceph cephMatch0.80.5_4.el7ost

ceph cephMatch0.94.1_16.el7cp

ceph cephMatch0.94.1_13.el7cp

ceph cephMatch0.94.1_15.el7cp

ceph cephMatch0.80.8_6.el7cp

ceph cephMatch0.80.8_15.el7cp

ceph cephMatch0.80.8_7.el7cp

ceph cephMatch0.94.1_19.el7cp

ceph cephMatch0.94.1_18.el7cp

ceph cephMatch0.80.8_5.el7cp

ceph cephMatch0.80.1_5.el7ost

foreman-installer foreman-installerMatch1.6.0_0.3.rc1.el7ost

foreman-installer foreman-installerMatch1.6.0_0.2.rc1.el7ost

foreman-installer foreman-installerMatch1.6.0_0.4.rc1.el7ost

foreman-selinux foreman-selinuxMatch1.6.0.14_1.el7sat

ruby193-rubygem-foreman_bootdisk ruby193-rubygem-foreman_bootdiskMatch2.0.5_2.el7sat

ruby193-rubygem-foreman_bootdisk ruby193-rubygem-foreman_bootdiskMatch2.0.6_1.1.el7sat

calamari-server calamari-serverMatch1.3_7.el7cp

calamari-server calamari-serverMatch1.2.3_11.el7cp

calamari-server calamari-serverMatch1.2.3_14.el7cp

calamari-server calamari-serverMatch1.2.3_13.el7cp

foreman-proxy foreman-proxyMatch1.6.0.30_1.el7sat

foreman-proxy foreman-proxyMatch1.6.0.33_1.el7sat

foreman-proxy foreman-proxyMatch1.6.0.30_5.el7ost

foreman-proxy foreman-proxyMatch1.6.0.30_6.el7ost

puppet puppetMatch3.6.2_2.el7

puppet puppetMatch3.4.3_2.el7

puppet puppetMatch3.6.2_1.el7sat

theforeman foremanMatch1.6.0.49_1.el7sat

theforeman foremanMatch1.6.0.51_1.el7sat

theforeman foremanMatch1.6.0.49_6.el7ost

theforeman foremanMatch1.6.0.46_1.el7sat

theforeman foremanMatch1.6.0.44_1.el7sat

theforeman foremanMatch1.6.0.52_1.el7sat

theforeman foremanMatch1.6.0.53_1.el7sat

rubygem-apipie-bindings rubygem-apipie-bindingsMatch0.0.8_2.el7sat

rubygem-apipie-bindings rubygem-apipie-bindingsMatch0.0.8_1.el7sat

ruby193-rubygem-sprockets ruby193-rubygem-sprocketsMatch2.4.5_4.el7

userspace-rcu userspace-rcuMatch0.7.7_1.el7

ruby193-rubygem-deep_cloneable ruby193-rubygem-deep_cloneableMatch1.6.0_3.el7sat

radosgw-agent radosgw-agentMatch1.2_2.el7cp

rubygem-rubyipmi rubygem-rubyipmiMatch0.7.0_2.el7sat

ruby193-rubygem-multi_json ruby193-rubygem-multi_jsonMatch1.3.6_2.el7

rubygem-kafo_parsers rubygem-kafo_parsersMatch0.0.3_2.el7sat

rubygem-kafo rubygem-kafoMatch0.6.4_2.el7sat

ceph ceph-deployMatch1.5.25_1.el7cp

ceph ceph-deployMatch1.5.22_0.4.rc1.el7cp

ceph ceph-deployMatch1.5.22_0.2.rc1.el7cp

Source	Link
lists	www.lists.ceph.com/pipermail/ceph-announce-ceph.com/2015-October/000034.html
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/security/updates/classification/
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/support/offerings/techpreview/
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

13 Feb 2023 01:50Current

6.5Medium risk

Vulners AI Score6.5

CVSS 24.3

EPSS0.00361