CVE-2016-9579 (retired)

Priority
Description
A flaw was found in the way Ceph Object Gateway would process cross-origin
HTTP requests if the CORS policy was set to allow origin on a bucket. A
remote unauthenticated attacker could use this flaw to cause denial of
service by sending a specially-crafted cross-origin HTTP request. Ceph
branches 1.3.x and 2.x are affected.
Notes
 leosilva> xenial, zesty and artful already have the code fixed
Assigned-to
mdeslaur
Package
Source: ceph (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):not-affected
Ubuntu 14.04 LTS (Trusty Tahr):released (0.80.11-0ubuntu1.14.04.3)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (10.2.2-0ubuntu0.16.04.2)
Patches:
Upstream:https://github.com/ceph/ceph/commit/c0e845c4f6b03f3c28c31ba2278be5b20e5be13c
Upstream:https://github.com/ceph/ceph/pull/12397
Upstream:https://github.com/ceph/ceph/pull/12398
More Information

Updated: 2019-03-26 12:23:36 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)