CVE-2019-10222

A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients.

Published: Nov 8, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-10222
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-755

Affected Software
References

Software	From	Fixed in
redhat / ceph_storage	3.0	3.0.x
redhat / ceph_storage	3.3	3.3.x
fedoraproject / fedora	30	30.x
fedoraproject / fedora	31	31.x

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10222
https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html
https://tracker.ceph.com/issues/40018

Vulnerability Database

289,599

CVE-2019-10222