CVE-2015-5245

Priority
Low
Description
CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or
RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP
headers and conduct HTTP response splitting attacks via a crafted bucket
name.
References
Bugs
Package
Source: ceph (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):needed
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (0.80.11-0ubuntu1.14.04.2)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (10.2.2-0ubuntu0.16.04.2)
Ubuntu 17.10 (Artful Aardvark):not-affected (10.2.2-0ubuntu5)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (10.2.2-0ubuntu5)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (10.2.2-0ubuntu5)
Patches:
Upstream:https://github.com/ceph/ceph/pull/5430
Upstream:https://github.com/ceph/ceph/commit/75d80aa5ce8be83894b6f175bf646f39a4fe24f3
More Information

Updated: 2018-06-26 04:05:51 UTC (commit 7799c934cca373482531a7b00e4dfe82302ceae5)