CVE-2019-10222

moderate-risk

Published 2019-11-08

A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients.

Do I need to act?

2.1% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (5)

Ceph

Ceph Storage

Fedora

Affected Vendors

Redhat Fedoraproject Ceph

References (6)

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10222

https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html

Vendor Advisory https://tracker.ceph.com/issues/40018

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10222

https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html

Vendor Advisory https://tracker.ceph.com/issues/40018

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 5/34 · Minimal

Exposure 12/34 · Low