Vulnerability CVE-2018-7262: Information

Description

In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Published: March 20, 2018
Modified: Nov. 7, 2023
Error type identifier: CWE-476

Fixed packages

References to Advisories, Solutions, and Tools

Hyperlink | Resource
https://github.com/ceph/ceph/pull/20488 | Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1546611 | Issue Tracking
http://tracker.ceph.com/issues/23039 | Issue Tracking, Vendor Advisory
RHSA-2018:0548 | Third Party Advisory
RHSA-2018:0546 | Third Party Advisory
FEDORA-2018-ed907ef9a0

Configuration 1

  cpe:2.3:a:redhat:ceph:*:*:*:*:*:*:*:* (End excluding: 12.2.3)
  cpe:2.3:a:redhat:ceph:13.0.0:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:ceph:13.0.1:*:*:*:*:*:*:*

Configuration 2

  cpe:2.3:o:fedoraproject:fedora:27:*:*:*:*:*:*:*