CVE-2019-10222 HIGH

CVE-2019-10222

Vendor The Ceph Project
Product ceph
Weakness CWE-755
Published November 8, 2019
Last update February 13, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients.

Key dates

02Disclosure timeline

November 8, 2019 CVE published
February 13, 2025 Record updated

Related vulnerabilities

04Related CVE