CVE-2019-3821

Published: 27 March 2019

A flaw was found in the way the civetweb frontend handled requests for the Ceph RGW server with SSL enabled. An unauthenticated attacker could open multiple connections to the Ceph RADOS gateway to exhaust the file descriptors available to the ceph-radosgw service, resulting in a remote denial of service.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package: ceph (Launchpad, Ubuntu, Debian)

Release                             Status
Upstream                            Needs triage
Ubuntu 18.04 LTS (Bionic Beaver)    Not vulnerable (12.2.11-0ubuntu0.18.04.2)
Ubuntu 16.04 ESM (Xenial Xerus)     Not vulnerable (10.2.11-0ubuntu0.16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr)      Not vulnerable

Patches:
Upstream: https://github.com/ceph/civetweb/commit/8fba7751f61a20158fedc3fc69684e9fe8cd0dce