CVE-2019-3821

NameCVE-2019-3821
DescriptionA flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exhaust file descriptors for ceph-radosgw service resulting in a remote denial of service.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ceph (PTS)jessie0.80.7-2+deb8u2fixed
jessie (security)0.80.7-2+deb8u3fixed
stretch (security), stretch10.2.11-2fixed
bullseye, sid, buster12.2.11+dfsg1-2.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cephsource(unstable)(not affected)

Notes

- ceph <not-affected> (Vulnerable code introduced later)
https://bugzilla.redhat.com/show_bug.cgi?id=1656852
https://github.com/ceph/civetweb/pull/33

Search for package or bug name: Reporting problems