CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name.
History
13 Feb 2023, 00:52
Type | Values Removed | Values Added |
---|---|---|
Summary | CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name. |
02 Feb 2023, 16:16
Type | Values Removed | Values Added |
---|---|---|
Summary | A feature in Ceph Object Gateway (RGW) allows to return a specific HTTP header that contains the name of a bucket that was accessed. It was found that the returned HTTP headers were not sanitized. An unauthenticated attacker could use this flaw to craft HTTP headers in responses that would confuse the load balancer residing in front of RGW, potentially resulting in a denial of service. | |
Information
Published : 2015-12-03 20:59
Updated : 2023-12-10 11:46
NVD link : CVE-2015-5245
Mitre link : CVE-2015-5245
CVE.ORG link : CVE-2015-5245
Products Affected
redhat
- ceph
CWE