CVE-2018-7262

Impact: Important
Public Date: 2018-02-13
CWE: CWE-476
Bugzilla: 1546610: CVE-2018-7262 ceph: Unauthenticated malformed HTTP requests handled by rgw_civetweb.cc:RGW::init_env() can lead to denial of service

A NULL pointer dereference flaw was found in RADOS Gateway HTTP request handling when using the Civetweb native webserver. An unauthenticated attacker could crash the RADOS Gateway server by sending malicious HTTP requests.

Find out more about CVE-2018-7262 from the MITRE CVE dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score: 7.3
CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity Impact: Low
Availability Impact: Low

Red Hat Security Errata

Platform                                                       Errata          Release Date
Red Hat Ceph Storage 3 for Red Hat Enterprise Linux 7 (ceph)   RHSA-2018:0546  2018-03-15
Red Hat Ceph Storage 3 for Ubuntu                              RHSA-2018:0548  2018-03-15

Affected Packages State

Platform                    Package      State
Red Hat Enterprise Linux 8  ceph         Not affected
Red Hat Enterprise Linux 7  ceph-common  Not affected
Red Hat Ceph Storage 2      ceph         Not affected
Red Hat Ceph Storage 1.3    ceph         Not affected

Unless explicitly stated as not affected, all previous versions of packages in any minor update stream of a product listed here should be assumed vulnerable, although they may not have been subject to full analysis.