1
Candidate: CVE-2018-7262
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7262
6
In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc
7
RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP
8
headers properly, allowing for denial of service.
11
debian> Debian up to 10.2.5-7.2 is not vulnerable as they contain an older
12
debian> version of the embedded webserver in RADOS gateway which does not
13
debian> return null strings on malformed HTTP requests.
15
http://tracker.ceph.com/issues/23039
16
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891963
23
upstream: https://github.com/ceph/ceph/pull/20403 (superseded)
24
upstream: https://github.com/ceph/ceph/pull/20488
25
upstream_ceph: needs-triage
26
precise/esm_ceph: not-affected
27
trusty_ceph: not-affected
28
xenial_ceph: not-affected
29
artful_ceph: not-affected
30
devel_ceph: not-affected (12.2.4-0ubuntu1)