|Description||A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)|
Vulnerable and fixed packages
The table below lists information on source packages.
|stretch (security), stretch||10.2.11-2||fixed|
|bullseye, sid, buster||12.2.11+dfsg1-2.1||vulnerable|
The information below is based on the following data on fixed versions.
|Package||Type||Release||Fixed Version||Urgency||Origin||Debian Bugs|
[buster] - ceph <no-dsa> (Minor issue; only triggerable if experimental feature enabled)
[stretch] - ceph <not-affected> (Vulnerable code not present)
[jessie] - ceph <not-affected> (Vulnerable code not present)
12.2.x installations are only affected by the vulnerability if experimental features are enabled.