Ceph RGW Malformed HTTP Headers Denial of Service Vulnerability

Ceph RGW Malformed HTTP Headers Denial of Service Vulnerability

CVE-2018-7262 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.

Learn more about our Web App Pen Testing.