CVE-2019-10222

High

A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could…

redhat·CWE-755·Published 2019-11-08

CVSS

7.5

EPSS

0.05

KEV

Exploits

cve.orgen

284 chars

A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients.

NVDen

284 chars

NVDes

334 chars

Se detectó un fallo en la configuración de Ceph RGW con Beast como el front-end que maneja las peticiones de clientes. Un atacante no autenticado podría bloquear el servidor Ceph RGW mediante el envío de encabezados HTTP válidos y finalizando la conexión, resultando en una denegación de servicio remota para los clientes de Ceph RGW.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
3.0	Primary	cve.org	7.5	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H