{ "threat_severity" : "Moderate", "public_date" : "2016-10-20T00:00:00Z", "bugzilla" : { "description" : "Ceph: RGW Denial of Service by sending null or specially crafted POST object requests", "id" : "1389193", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1389193" }, "cvss" : { "cvss_base_score" : "6.3", "cvss_scoring_vector" : "AV:N/AC:M/Au:S/C:N/I:N/A:C", "status" : "verified" }, "cvss3" : { "cvss3_base_score" : "6.5", "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-476", "details" : [ "A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests.", "A flaw was found in the way Ceph Object Gateway handles POST object requests. An authenticated attacker could launch a denial of service attack by sending null or specially crafted POST object requests." ], "affected_release" : [ { "product_name" : "Red Hat Ceph Storage 1.3 for Red Hat Enterprise Linux 7", "release_date" : "2016-12-01T00:00:00Z", "advisory" : "RHSA-2016:2847", "cpe" : "cpe:/a:redhat:ceph_storage:1.3::el7", "package" : "ceph-1:0.94.9-8.el7cp" }, { "product_name" : "Red Hat Ceph Storage 1.3 for Ubuntu", "release_date" : "2016-12-01T00:00:00Z", "advisory" : "RHSA-2016:2848", "cpe" : "cpe:/a:redhat:ceph_storage:1.3::ubuntu:14.04" }, { "product_name" : "Red Hat Ceph Storage 2 for Red Hat Enterprise Linux 7", "release_date" : "2016-11-22T00:00:00Z", "advisory" : "RHSA-2016:2815", "cpe" : "cpe:/a:redhat:ceph_storage:2::el7", "package" : "calamari-server-0:1.4.9-1.el7cp" }, { "product_name" : "Red Hat Ceph Storage 2 for Red Hat Enterprise Linux 7", "release_date" : "2016-11-22T00:00:00Z", "advisory" : "RHSA-2016:2815", "cpe" : "cpe:/a:redhat:ceph_storage:2::el7", "package" : "ceph-1:10.2.3-13.el7cp" }, { "product_name" : "Red Hat Ceph Storage 2 for Red Hat Enterprise Linux 7", "release_date" : "2016-11-22T00:00:00Z", "advisory" : "RHSA-2016:2815", "cpe" : "cpe:/a:redhat:ceph_storage:2::el7", "package" : "ceph-deploy-0:1.5.36-20.el7cp" }, { "product_name" : "Red Hat Ceph Storage 2 for Red Hat Enterprise Linux 7", "release_date" : "2016-11-22T00:00:00Z", "advisory" : "RHSA-2016:2815", "cpe" : "cpe:/a:redhat:ceph_storage:2::el7", "package" : "ceph-iscsi-config-0:1.5-1.el7cp" }, { "product_name" : "Red Hat Ceph Storage 2 for Red Hat Enterprise Linux 7", "release_date" : "2016-11-22T00:00:00Z", "advisory" : "RHSA-2016:2815", "cpe" : "cpe:/a:redhat:ceph_storage:2::el7", "package" : "ceph-iscsi-tools-0:1.1-1.el7cp" }, { "product_name" : "Red Hat Ceph Storage 2 for Red Hat Enterprise Linux 7", "release_date" : "2016-11-22T00:00:00Z", "advisory" : "RHSA-2016:2815", "cpe" : "cpe:/a:redhat:ceph_storage:2::el7", "package" : "libntirpc-0:1.4.1-1.el7" }, { "product_name" : "Red Hat Ceph Storage 2 for Red Hat Enterprise Linux 7", "release_date" : "2016-11-22T00:00:00Z", "advisory" : "RHSA-2016:2815", "cpe" : "cpe:/a:redhat:ceph_storage:2::el7", "package" : "nfs-ganesha-0:2.4.0-3.el7cp" }, { "product_name" : "Red Hat Ceph Storage 2 for Ubuntu", "release_date" : "2016-11-22T00:00:00Z", "advisory" : "RHSA-2016:2816", "cpe" : "cpe:/a:redhat:ceph_storage:2::ubuntu16.04" } ], "package_state" : [ { "product_name" : "OpenStack Foreman", "fix_state" : "Not affected", "package_name" : "Ceph", "cpe" : "cpe:/a:redhat:openstack-installer:5" }, { "product_name" : "Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)", "fix_state" : "Not affected", "package_name" : "Ceph", "cpe" : "cpe:/a:redhat:openstack:5::el6" }, { "product_name" : "Red Hat Enterprise Linux OpenStack Platform 6 (Juno)", "fix_state" : "Not affected", "package_name" : "Ceph", "cpe" : "cpe:/a:redhat:openstack:6" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-8626\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8626" ], "name" : "CVE-2016-8626", "csaw" : false }