CVE-2015-5245

Severity: 4.3 MEDIUM
EPSS: 0.4% (top 41.75%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 3; latest update May 17

Description

CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (2 packages)

Debian: ceph < 0.80.10-1+3
NVD: redhat/ceph 0.94.3

🔴 Vulnerability Details (3)

GHSA: GHSA-782g-wgjp-wr8j: CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0 (2022-05-17)
OSV: CVE-2015-5245: CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0 (2015-12-03)
CVEList: CVE-2015-5245: CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0 (2015-12-03)

📋 Vendor Advisories (2)

Red Hat: Ceph: RGW returns requested bucket name raw in Bucket response header (2015-08-18)
Debian: CVE-2015-5245: ceph - CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in ... (2015)

💬 Community (1)

Bugzilla: CVE-2015-5245 Ceph: RGW returns requested bucket name raw in Bucket response header (2015-09-09)