{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-02-19T00:00:00", "descriptions": [{"lang": "en", "value": "In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-03-20T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "RHSA-2018:0546", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0546"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ceph/ceph/pull/20488"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://tracker.ceph.com/issues/23039"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546611"}, {"name": "RHSA-2018:0548", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0548"}, {"name": "FEDORA-2018-ed907ef9a0", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74VI6EPZ6LD2O4JJXJBTYQ4U4VUO2ZDO/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-7262", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2018:0546", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0546"}, {"name": "https://github.com/ceph/ceph/pull/20488", "refsource": "CONFIRM", "url": "https://github.com/ceph/ceph/pull/20488"}, {"name": "http://tracker.ceph.com/issues/23039", "refsource": "CONFIRM", "url": "http://tracker.ceph.com/issues/23039"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1546611", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546611"}, {"name": "RHSA-2018:0548", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0548"}, {"name": "FEDORA-2018-ed907ef9a0", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/74VI6EPZ6LD2O4JJXJBTYQ4U4VUO2ZDO/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:24:11.701Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2018:0546", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0546"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/ceph/ceph/pull/20488"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://tracker.ceph.com/issues/23039"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546611"}, {"name": "RHSA-2018:0548", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0548"}, {"name": "FEDORA-2018-ed907ef9a0", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74VI6EPZ6LD2O4JJXJBTYQ4U4VUO2ZDO/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-7262", "datePublished": "2018-03-19T21:00:00", "dateReserved": "2018-02-20T00:00:00", "dateUpdated": "2024-08-05T06:24:11.701Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:ceph:*:*:*:*:*:*:*:*", "matchCriteriaId": "8572231C-2E92-44F9-B1A9-920709842BD6", "versionEndExcluding": "12.2.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ceph:13.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6D20380-BEA0-4AC9-9324-7F4671141760", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:ceph:13.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7A8E9F00-DC2A-4670-98D4-9A9174331194", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:27:*:*:*:*:*:*:*", "matchCriteriaId": "DBEACBFF-6D05-4B69-BF7A-F7E539D9BF6E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service."}, {"lang": "es", "value": "En Ceph, en versiones anteriores a la 12.2.3 y versiones 13.x hasta la 13.0.1, la funci\u00f3n RGWCivetWeb::init_env en rgw_civetweb.cc en radosgw no gestiona las cabeceras HTTP mal formadas adecuadamente, lo que permite una denegaci\u00f3n de servicio (DoS)."}], "id": "CVE-2018-7262", "lastModified": "2023-11-07T03:00:59.250", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-19T21:29:01.003", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "http://tracker.ceph.com/issues/23039"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0546"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0548"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546611"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/ceph/ceph/pull/20488"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74VI6EPZ6LD2O4JJXJBTYQ4U4VUO2ZDO/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2018:0546", "cpe": "cpe:/a:redhat:ceph_storage:3::el7", "package": "ceph-2:12.2.1-46.el7cp", "product_name": "Red Hat Ceph Storage 3.0", "release_date": "2018-03-15T00:00:00Z"}, {"advisory": "RHSA-2018:0548", "cpe": "cpe:/a:redhat:ceph_storage:3::ubuntu16.04", "product_name": "Red Hat Ceph Storage 3 for Ubuntu", "release_date": "2018-03-15T00:00:00Z"}], "bugzilla": {"description": "ceph: Unauthenticated malformed HTTP requests handled by rgw_civetweb.cc:RGW::init_env() can lead to denial of service", "id": "1546610", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546610"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "verified"}, "cwe": "CWE-476", "details": ["In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.", "A NULL pointer dereference flaw was found in RADOS Gateway HTTP request handling when using the Civetweb native webserver. An unauthenticated attacker could crash RADOS Gateway server by sending malicious HTTP requests."], "name": "CVE-2018-7262", "package_state": [{"cpe": "cpe:/a:redhat:ceph_storage:1.3", "fix_state": "Not affected", "package_name": "ceph", "product_name": "Red Hat Ceph Storage 1.3"}, {"cpe": "cpe:/a:redhat:ceph_storage:2", "fix_state": "Not affected", "package_name": "ceph", "product_name": "Red Hat Ceph Storage 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "ceph-common", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "ceph", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2018-02-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-7262\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7262"], "threat_severity": "Important"}