CVE-2019-3821

2019-03-2713:29:01

Debian Security Bug Tracker

security-tracker.debian.org

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.009 Low

EPSS

Percentile

82.4%

JSON

A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exhaust file descriptors for ceph-radosgw service resulting in a remote denial of service.

OSVersionArchitecturePackageVersionFilename
Debian12allceph< 16.2.11+ds-2ceph_16.2.11+ds-2_all.deb
Debian11allceph< 14.2.21-1ceph_14.2.21-1_all.deb
Debian999allceph< 18.2.3+ds-3ceph_18.2.3+ds-3_all.deb
Debian13allceph< 18.2.3+ds-3ceph_18.2.3+ds-3_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	ceph	< 16.2.11+ds-2	ceph_16.2.11+ds-2_all.deb
Debian	11	all	ceph	< 14.2.21-1	ceph_14.2.21-1_all.deb
Debian	999	all	ceph	< 18.2.3+ds-3	ceph_18.2.3+ds-3_all.deb
Debian	13	all	ceph	< 18.2.3+ds-3	ceph_18.2.3+ds-3_all.deb