{"containers": {"cna": {"affected": [{"product": "Ceph", "vendor": "Red Hat", "versions": [{"status": "affected", "version": "0.94.9-8"}]}], "datePublic": "2016-10-20T00:00:00", "descriptions": [{"lang": "en", "value": "A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-08-01T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://tracker.ceph.com/issues/17635"}, {"name": "RHSA-2016:2815", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2815.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8626"}, {"name": "94488", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94488"}, {"name": "RHSA-2016:2816", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2816.html"}, {"name": "RHSA-2016:2847", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2847.html"}, {"name": "RHSA-2016:2848", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2848.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-8626", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Ceph", "version": {"version_data": [{"version_value": "0.94.9-8"}]}}]}, "vendor_name": "Red Hat"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests."}]}, "impact": {"cvss": [[{"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}], [{"vectorString": "6.3/AV:N/AC:M/Au:S/C:N/I:N/A:C", "version": "2.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-476"}]}]}, "references": {"reference_data": [{"name": "http://tracker.ceph.com/issues/17635", "refsource": "CONFIRM", "url": "http://tracker.ceph.com/issues/17635"}, {"name": "RHSA-2016:2815", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2815.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8626", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8626"}, {"name": "94488", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94488"}, {"name": "RHSA-2016:2816", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2816.html"}, {"name": "RHSA-2016:2847", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2847.html"}, {"name": "RHSA-2016:2848", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2848.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:27:41.046Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://tracker.ceph.com/issues/17635"}, {"name": "RHSA-2016:2815", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2815.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8626"}, {"name": "94488", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94488"}, {"name": "RHSA-2016:2816", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2816.html"}, {"name": "RHSA-2016:2847", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2847.html"}, {"name": "RHSA-2016:2848", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2848.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-8626", "datePublished": "2018-07-31T19:00:00", "dateReserved": "2016-10-12T00:00:00", "dateUpdated": "2024-08-06T02:27:41.046Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:ceph:*:*:*:*:*:*:*:*", "matchCriteriaId": "C472A558-B6A0-413D-A8EE-230A62B98406", "versionEndExcluding": "0.94.3.9-8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests."}, {"lang": "es", "value": "Se ha descubierto un problema en versiones anteriores a la 0.94.9-8 de Red Hat Ceph. La forma en la que Ceph Object Gateway gestiona las peticiones de objeto POST permite que un atacante autenticado lance un ataque de denegaci\u00f3n de servicio (DoS) enviando peticiones de objeto POST null o especialmente manipuladas."}], "id": "CVE-2016-8626", "lastModified": "2023-11-07T02:36:25.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2018-07-31T19:29:00.337", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2815.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2816.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2847.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2848.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://tracker.ceph.com/issues/17635"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/94488"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8626"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-476"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2016:2847", "cpe": "cpe:/a:redhat:ceph_storage:1.3::el7", "package": "ceph-1:0.94.9-8.el7cp", "product_name": "Red Hat Ceph Storage 1.3 for Red Hat Enterprise Linux 7", "release_date": "2016-12-01T00:00:00Z"}, {"advisory": "RHSA-2016:2848", "cpe": "cpe:/a:redhat:ceph_storage:1.3::ubuntu:14.04", "product_name": "Red Hat Ceph Storage 1.3 for Ubuntu", "release_date": "2016-12-01T00:00:00Z"}, {"advisory": "RHSA-2016:2815", "cpe": "cpe:/a:redhat:ceph_storage:2::el7", "package": "calamari-server-0:1.4.9-1.el7cp", "product_name": "Red Hat Ceph Storage 2 for Red Hat Enterprise Linux 7", "release_date": "2016-11-22T00:00:00Z"}, {"advisory": "RHSA-2016:2815", "cpe": "cpe:/a:redhat:ceph_storage:2::el7", "package": "ceph-1:10.2.3-13.el7cp", "product_name": "Red Hat Ceph Storage 2 for Red Hat Enterprise Linux 7", "release_date": "2016-11-22T00:00:00Z"}, {"advisory": "RHSA-2016:2815", "cpe": "cpe:/a:redhat:ceph_storage:2::el7", "package": "ceph-deploy-0:1.5.36-20.el7cp", "product_name": "Red Hat Ceph Storage 2 for Red Hat Enterprise Linux 7", "release_date": "2016-11-22T00:00:00Z"}, {"advisory": "RHSA-2016:2815", "cpe": "cpe:/a:redhat:ceph_storage:2::el7", "package": "ceph-iscsi-config-0:1.5-1.el7cp", "product_name": "Red Hat Ceph Storage 2 for Red Hat Enterprise Linux 7", "release_date": "2016-11-22T00:00:00Z"}, {"advisory": "RHSA-2016:2815", "cpe": "cpe:/a:redhat:ceph_storage:2::el7", "package": "ceph-iscsi-tools-0:1.1-1.el7cp", "product_name": "Red Hat Ceph Storage 2 for Red Hat Enterprise Linux 7", "release_date": "2016-11-22T00:00:00Z"}, {"advisory": "RHSA-2016:2815", "cpe": "cpe:/a:redhat:ceph_storage:2::el7", "package": "libntirpc-0:1.4.1-1.el7", "product_name": "Red Hat Ceph Storage 2 for Red Hat Enterprise Linux 7", "release_date": "2016-11-22T00:00:00Z"}, {"advisory": "RHSA-2016:2815", "cpe": "cpe:/a:redhat:ceph_storage:2::el7", "package": "nfs-ganesha-0:2.4.0-3.el7cp", "product_name": "Red Hat Ceph Storage 2 for Red Hat Enterprise Linux 7", "release_date": "2016-11-22T00:00:00Z"}, {"advisory": "RHSA-2016:2816", "cpe": "cpe:/a:redhat:ceph_storage:2::ubuntu16.04", "product_name": "Red Hat Ceph Storage 2 for Ubuntu", "release_date": "2016-11-22T00:00:00Z"}], "bugzilla": {"description": "Ceph: RGW Denial of Service by sending null or specially crafted POST object requests", "id": "1389193", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1389193"}, "csaw": false, "cvss": {"cvss_base_score": "6.3", "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:C", "status": "verified"}, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-476", "details": ["A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests.", "A flaw was found in the way Ceph Object Gateway handles POST object requests. An authenticated attacker could launch a denial of service attack by sending null or specially crafted POST object requests."], "name": "CVE-2016-8626", "package_state": [{"cpe": "cpe:/a:redhat:openstack-installer:5", "fix_state": "Not affected", "package_name": "Ceph", "product_name": "OpenStack Foreman"}, {"cpe": "cpe:/a:redhat:openstack:5::el6", "fix_state": "Not affected", "package_name": "Ceph", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)"}, {"cpe": "cpe:/a:redhat:openstack:6", "fix_state": "Not affected", "package_name": "Ceph", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6 (Juno)"}], "public_date": "2016-10-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-8626\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8626"], "threat_severity": "Moderate", "upstream_fix": "RHEL: ceph-0.94.9-7.el7cp Ubuntu: ceph_0.94.9-8redhat1"}