CVE-2019-10222
ceph - security update
CVSS 3.1 score: 7.5 (HIGH); EPSS: 1.8%
Description
A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients.
How to fix CVE-2019-10222
To remediate CVE-2019-10222, upgrade the affected package to a fixed version below.
- Upgrade to 14.2.4-1 or later
- Upgrade to 12.2.11+dfsg1-2.1+deb10u1 or later
Is CVE-2019-10222 being exploited?
Low — EPSS is 1.8%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 14.2.4-1
- from 0, < 12.2.11+dfsg1-2.1+deb10u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |