Description
CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| Red Hat Ceph Storage 1.3 for Red Hat Enterprise Linux 7 | |||
| babeltrace-0:1.2.4-3.el7cp | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| calamari-server-0:1.3-11.el7cp | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ceph-1:0.94.3-3.el7cp | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ceph-deploy-0:1.5.27.3-1.el7cp | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ceph-puppet-modules-0:0.1.1-1.el7cp | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| facter-1:1.7.6-2.1.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| foreman-0:1.7.2.33-1.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| foreman-installer-1:1.7.5-2.el7cp | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| foreman-proxy-0:1.7.2.5-1.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| foreman-selinux-0:1.7.2.13-1.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| hiera-0:1.3.1-2.el7 | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ipxe-0:20130517-7.1fm.gitc4bce43.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| lttng-tools-0:2.4.1-1.el7cp | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| lttng-ust-0:2.4.1-1.el7cp | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| puppet-0:3.6.2-4.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| radosgw-agent-0:1.2.3-1.el7cp | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| rhcs-installer-0:0.1.0-1.el7cp | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby193-facter-0:1.6.18-5.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby193-rubygem-ancestry-0:2.0.0-1.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby193-rubygem-apipie-rails-0:0.2.5-1.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby193-rubygem-audited-0:3.0.0-5.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby193-rubygem-audited-activerecord-0:3.0.0-8.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby193-rubygem-bundler_ext-0:0.3.0-6.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby193-rubygem-deep_cloneable-0:2.0.0-4.el7 | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby193-rubygem-fast_gettext-0:0.8.0-13.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby193-rubygem-foreigner-0:1.4.2-1.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby193-rubygem-foreman_bootdisk-0:4.0.2.13-1.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby193-rubygem-friendly_id-0:4.0.10.1-1.el7 | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby193-rubygem-gettext_i18n_rails-0:0.10.0-3.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby193-rubygem-gettext_i18n_rails_js-0:0.0.8-3.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby193-rubygem-i18n_data-0:0.2.7-5.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby193-rubygem-ldap_fluff-0:0.3.2-1.el7 | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby193-rubygem-multi_json-0:1.8.2-4.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby193-rubygem-net-ldap-0:0.3.1-3.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby193-rubygem-oauth-0:0.4.7-8.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby193-rubygem-passenger-0:4.0.18-19.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby193-rubygem-pg-0:0.12.2-10.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby193-rubygem-po_to_json-0:0.0.7-3.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby193-rubygem-rabl-0:0.9.0-1.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby193-rubygem-rest-client-0:1.6.7-1.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby193-rubygem-ruby2ruby-0:2.0.1-9.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby193-rubygem-ruby_parser-0:3.1.1-15.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby193-rubygem-safemode-0:1.2.1-1.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby193-rubygem-scoped_search-0:2.7.1-2.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby193-rubygem-secure_headers-0:1.3.3-1.el7 | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby193-rubygem-sexp_processor-0:4.1.3-7.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby193-rubygem-sprockets-0:2.10.1-3.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby193-rubygem-uuidtools-0:2.1.3-6.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby193-rubygem-validates_lengths_from_database-0:0.2.0-1.3.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby193-rubygem-will_paginate-0:3.0.2-10.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby193-ruby-wrapper-0:0.0.2-6.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby-augeas-0:0.5.0-1.el7 | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| rubygem-ansi-0:1.4.3-3.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| rubygem-apipie-bindings-0:0.0.11-1.el7 | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| rubygem-awesome_print-0:1.0.2-12.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| rubygem-bundler_ext-0:0.3.0-7.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| rubygem-clamp-0:0.6.2-2.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| rubygem-ffi-0:1.4.0-3.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| rubygem-gssapi-0:1.1.2-4.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| rubygem-hashie-0:2.0.5-2.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| rubygem-highline-0:1.6.21-1.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| rubygem-kafo-0:0.6.5.9-1.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| rubygem-kafo_parsers-0:0.0.4.4-1.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| rubygem-little-plugger-0:1.1.3-17.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| rubygem-logging-0:1.8.1-26.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| rubygem-mime-types-0:1.19-7.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| rubygem-multi_json-0:1.8.2-4.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| rubygem-oauth-0:0.4.7-8.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| rubygem-passenger-0:4.0.18-19.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| rubygem-powerbar-0:1.0.11-8.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| rubygem-rack-1:1.4.1-13.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| rubygem-rack-protection-0:1.5.0-7.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| rubygem-rake-0:0.9.2.2-41.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| rubygem-rest-client-0:1.6.7-1.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| rubygem-rkerberos-0:0.1.2-3.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| rubygem-rubyipmi-0:0.10.0-1.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| rubygem-sinatra-1:1.3.6-27.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| rubygem-smart_proxy_discovery-0:1.0.2.1-1.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| rubygem-tilt-0:1.3.3-18.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby-rgen-0:0.6.5-2.el7sat | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| ruby-shadow-0:1.4.1-21.el7 | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| userspace-rcu-0:0.7.9-2.el7rhgs | cpe:/a:redhat:ceph_storage:1.3::el7 | RHSA-2015:2066 | 2015-11-23T00:00:00Z |
| Red Hat Ceph Storage 1.3 for Ubuntu | |||
| cpe:/a:redhat:ceph_storage:1.3::ubuntu:14.04 | RHSA-2015:2512 | 2015-11-23T00:00:00Z | |
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2015-5237 | CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name. |
References
History
Mon, 14 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-06T06:41:09.165Z
Reserved: 2015-07-01T00:00:00.000Z
Link: CVE-2015-5245
Vulnrichment
No data.
NVD
Status : Modified
Published: 2015-12-03T20:59:05.223
Modified: 2026-05-06T22:30:45.220
Link: CVE-2015-5245
Redhat
OpenCVE Enrichment
No data.
Weaknesses