{"containers": {"cna": {"affected": [{"product": "Ceph Storage", "vendor": "Red Hat", "versions": [{"status": "affected", "version": "version 3 (upstream versions of Ceph are not affected)"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Red Hat Ceph Storage version 3 in the way the Ceph RADOS Gateway daemon handles S3 requests. An authenticated attacker can abuse this flaw by causing a remote denial of service by sending a specially crafted HTTP Content-Length header to the Ceph RADOS Gateway server."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-12-23T16:18:04", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19337"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2019-19337", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Ceph Storage", "version": {"version_data": [{"version_value": "version 3 (upstream versions of Ceph are not affected)"}]}}]}, "vendor_name": "Red Hat"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was found in Red Hat Ceph Storage version 3 in the way the Ceph RADOS Gateway daemon handles S3 requests. An authenticated attacker can abuse this flaw by causing a remote denial of service by sending a specially crafted HTTP Content-Length header to the Ceph RADOS Gateway server."}]}, "impact": {"cvss": [[{"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19337", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19337"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T02:16:46.979Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19337"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-19337", "datePublished": "2019-12-23T16:18:04", "dateReserved": "2019-11-27T00:00:00", "dateUpdated": "2024-08-05T02:16:46.979Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:ceph_storage:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "6B27608D-A147-4ABA-9E98-6951EE2C3F03", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Red Hat Ceph Storage version 3 in the way the Ceph RADOS Gateway daemon handles S3 requests. An authenticated attacker can abuse this flaw by causing a remote denial of service by sending a specially crafted HTTP Content-Length header to the Ceph RADOS Gateway server."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en Red Hat Ceph Storage versi\u00f3n 3 en la manera en que el demonio Ceph RADOS Gateway maneja las peticiones S3. Un atacante autenticado puede abusar de este fallo causando una denegaci\u00f3n de servicio remota mediante el env\u00edo de un encabezado HTTP Content-Length especialmente dise\u00f1ado para el servidor Ceph RADOS Gateway."}], "id": "CVE-2019-19337", "lastModified": "2024-11-21T04:34:36.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-23T17:15:11.880", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Mitigation", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19337"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mitigation", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19337"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2019:4353", "cpe": "cpe:/a:redhat:ceph_storage:3::el7", "package": "ceph-2:12.2.12-84.el7cp", "product_name": "Red Hat Ceph Storage 3.3", "release_date": "2019-12-19T00:00:00Z"}, {"advisory": "RHSA-2019:4353", "cpe": "cpe:/a:redhat:ceph_storage:3::el7", "package": "ceph-ansible-0:3.2.38-1.el7cp", "product_name": "Red Hat Ceph Storage 3.3", "release_date": "2019-12-19T00:00:00Z"}, {"advisory": "RHSA-2019:4353", "cpe": "cpe:/a:redhat:ceph_storage:3::el7", "package": "cephmetrics-0:2.0.9-1.el7cp", "product_name": "Red Hat Ceph Storage 3.3", "release_date": "2019-12-19T00:00:00Z"}, {"advisory": "RHSA-2019:4357", "cpe": "cpe:/a:redhat:ceph_storage:3::ubuntu16.04", "product_name": "Red Hat Ceph Storage 3 for Ubuntu", "release_date": "2019-12-19T00:00:00Z"}], "bugzilla": {"description": "ceph: denial of service in RGW daemon", "id": "1781170", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781170"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-20", "details": ["A flaw was found in Red Hat Ceph Storage version 3 in the way the Ceph RADOS Gateway daemon handles S3 requests. An authenticated attacker can abuse this flaw by causing a remote denial of service by sending a specially crafted HTTP Content-Length header to the Ceph RADOS Gateway server.", "A flaw was found in the way the Ceph RADOS Gateway daemon handles S3 requests. An authenticated attacker can abuse this flaw by causing a remote denial of service by sending a specially crafted HTTP Content-Length header to the Ceph RADOS Gateway server."], "mitigation": {"lang": "en:us", "value": "1. By default system will use /etc/init.d/ceph-radosgw, stop this service by\n~]# /etc/init.d/ceph-radosgw stop\n2. Create systemd service, and change command line parameters according to the environment where Ceph radosgw is running.\n~]# cat /usr/lib/systemd/system/ceph-rgw.service\n[Unit]\nDescription=Ceph RGW daemon\n[Service]\nType=forking\nExecStart=/bin/radosgw -n client.rgw.$(HOSTNAME REDACTED)\nRestart=on-abnormal\nRestartSec=1s\n[Install]\nWantedBy=multi-user.target\n3. Run systemd service 'ceph-rgw.service'\nCaveat: It still takes +1-2 sec to get service back online. After applying above mentioned mitigation, the malicious IP can be blocked by a firewall rule if there are continuous attempts to launch remote denial of service. This mitigation is of limited use if the attack is launched from multiple IPs. It is recommended to limit the exposure of ceph RGW server to known clients."}, "name": "CVE-2019-19337", "package_state": [{"cpe": "cpe:/a:redhat:ceph_storage:2", "fix_state": "Not affected", "package_name": "ceph", "product_name": "Red Hat Ceph Storage 2"}, {"cpe": "cpe:/a:redhat:ceph_storage:4", "fix_state": "Not affected", "package_name": "ceph", "product_name": "Red Hat Ceph Storage 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "ceph-common", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "ceph", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Will not fix", "package_name": "ceph", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:15", "fix_state": "Not affected", "package_name": "ceph", "product_name": "Red Hat OpenStack Platform 15 (Stein)"}], "public_date": "2019-12-19T17:07:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-19337\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19337"], "statement": "This flaw only affects Red Hat Ceph Storage 3, upstream versions of ceph are not affected.\nThe ceph package distributed by Red Hat Enterprise Linux 7 and 8 are not affected by this issue, as it doesn't ship any server-side library.\nRed Hat OpenStack now consumes fixes directly from the base ceph channels . Therefore the ceph package provided by Red Hat OpenStack 13 has been marked as 'will not fix'.", "threat_severity": "Moderate", "upstream_fix": "ceph-12.2.12-83.el7cp ceph_12.2.12-76redhat1"}