Red Hat Ceph Storage is found to be vulnerable to cross-origin resource sharing policy bypass. The vulnerability is due to the setting which allows origin on a bucket, opening up a loophole for an attacker to use malicious cross-origin HTTP request to launch denial of service.
rhn.redhat.com/errata/RHSA-2016-2954.html
rhn.redhat.com/errata/RHSA-2016-2956.html
rhn.redhat.com/errata/RHSA-2016-2994.html
rhn.redhat.com/errata/RHSA-2016-2995.html
tracker.ceph.com/issues/18187
www.securityfocus.com/bid/94936
access.redhat.com/errata/RHSA-2016:2954
access.redhat.com/errata/RHSA-2016:2956
access.redhat.com/errata/RHSA-2016:2994
access.redhat.com/errata/RHSA-2016:2995
access.redhat.com/security/cve/CVE-2016-9579
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1394007
bugzilla.redhat.com/show_bug.cgi?id=1402185
bugzilla.redhat.com/show_bug.cgi?id=1403003
bugzilla.redhat.com/show_bug.cgi?id=1403245
bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9579