Ceph Object Gateway CRLF Vulnerability (CVE-2015-5245)
Release date:
Updated on:
Affected Systems:
Ceph Ceph < 0.94.4
Description:
CVE (CAN) ID: CVE-2015-5245
Ceph Object Gateway is an object storage interface built on librados. It gives applications a RESTful gateway to Ceph Storage Clusters, the Ceph distributed storage system.
In versions earlier than Ceph 0.94.4, the Ceph Object Gateway has a CRLF injection vulnerability. A remote attacker can inject arbitrary HTTP headers through a crafted bucket name and conduct HTTP response splitting attacks.
<* Source: Red Hat *>
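The header-injection pattern described above, next to two defenses, as an added example that is not Ceph's code and not part of the original advisory. The header name `X-Example-Bucket`, the bucket-name allowlist and the sample bucket name are assumptions constructed for illustration.

```python
import re
from urllib.parse import quote

# Hypothetical header name: the advisory does not say which response header
# carried the bucket name.
HEADER = "X-Example-Bucket"

# Constructed sample: a bucket name containing a CR/LF pair and a harmless extra header.
SAMPLE_BUCKET = "photos\r\nX-Injected: 1"

# Assumed allowlist for illustration, not Ceph's actual naming rule.
_BUCKET_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{2,254}")


def render_unsafe(bucket):
    """'Before' pattern: the request-supplied name is copied verbatim into a header."""
    head = f"HTTP/1.1 200 OK\r\n{HEADER}: {bucket}\r\nContent-Length: 0\r\n\r\n"
    return head.encode("latin-1")


def render_encoded(bucket):
    """Output-side defense: percent-encode the value so CR and LF become %0D and %0A
    and can no longer terminate the header line."""
    value = quote(bucket, safe="")
    head = f"HTTP/1.1 200 OK\r\n{HEADER}: {value}\r\nContent-Length: 0\r\n\r\n"
    return head.encode("ascii")


def is_valid_bucket(bucket):
    """Input-side defense: allowlist check. fullmatch() is used instead of match()
    with '$', because '$' would also accept a name ending in a newline."""
    return _BUCKET_RE.fullmatch(bucket) is not None


def header_names(raw):
    """Return the header names a client would parse from a raw response head."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")[1:]          # skip the status line
    return [line.split(b":", 1)[0].decode() for line in lines]


if __name__ == "__main__":
    print("unsafe :", header_names(render_unsafe(SAMPLE_BUCKET)))
    print("encoded:", header_names(render_encoded(SAMPLE_BUCKET)))
    print("valid? :", is_valid_bucket(SAMPLE_BUCKET))
```

Comparing the header names parsed from each response shows the extra header appearing only in the unencoded case; the allowlist rejects the same name before it reaches the response at all.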
Suggestion:
Vendor patch:
Ceph
----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://tracker.ceph.com/issues/12537