CVE-2015-5245

Priority
Description
CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or
RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP
headers and conduct HTTP response splitting attacks via a crafted bucket
name.
Package
Source: ceph (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):needed
Trusty/esm:not-affected (0.80.11-0ubuntu1.14.04.2)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (10.2.2-0ubuntu0.16.04.2)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (10.2.2-0ubuntu5)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (10.2.2-0ubuntu5)
Ubuntu 19.04 (Disco Dingo):not-affected (10.2.2-0ubuntu5)
Ubuntu 19.10 (Eoan):not-affected (10.2.2-0ubuntu5)
Patches:
Upstream:https://github.com/ceph/ceph/pull/5430
Upstream:https://github.com/ceph/ceph/commit/75d80aa5ce8be83894b6f175bf646f39a4fe24f3
More Information

Updated: 2019-04-26 14:15:32 UTC (commit 30899e40836d26e1bb5f0b072d31fd87b6cf3bd4)