Red Hat Security Advisory 2015-2512-01

Discussion in 'News Aggregator' started by Packet Storm, 24 Nov 2015.

  1. Packet Storm

    Packet Storm Guest

    Red Hat Security Advisory 2015-2512-01 - Red Hat Ceph Storage is a massively scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment tools, and support services. A feature in Ceph Object Gateway allows returning a specific HTTP header that contains the name of a bucket that was accessed. It was found that the returned HTTP headers were not sanitized. An unauthenticated attacker could use this flaw to craft HTTP headers in responses that would confuse the load balancer residing in front of RGW, potentially resulting in a denial of service.
