CVE-2020-10753

Status Candidate

Overview

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue.

Related Files

Gentoo Linux Security Advisory 202105-39
Posted May 27, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-39 - Multiple vulnerabilities have been found in Ceph, the worst of which could result in privilege escalation. Versions less than 14.2.21 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2020-10753, CVE-2020-1759, CVE-2020-1760, CVE-2020-25660, CVE-2020-25678, CVE-2020-27781, CVE-2021-20288
MD5 | d9c394d2cb2d7f6645bb6b9ed70f12a0

Ubuntu Security Notice USN-4706-1
Posted Jan 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4706-1 - Olle Segerdahl found that ceph-mon and ceph-mgr daemons did not properly restrict access, resulting in gaining access to unauthorized resources. An authenticated user could use this vulnerability to modify the configuration and possibly conduct further attacks. Adam Mohammed found that Ceph Object Gateway was vulnerable to HTTP header injection via a CORS ExposeHeader tag. An attacker could use this to gain access or cause a crash. Various other issues were also addressed.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2020-10736, CVE-2020-10753, CVE-2020-25660
MD5 | bebf402244a4c2e679e813eb9b40b74c

Ubuntu Security Notice USN-4528-1
Posted Sep 22, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4528-1 - Adam Mohammed discovered that Ceph incorrectly handled certain CORS ExposeHeader tags. A remote attacker could possibly use this issue to perform an HTTP header injection attack. Lei Cao discovered that Ceph incorrectly handled certain POST requests with invalid tagging XML. A remote attacker could possibly use this issue to cause Ceph to crash, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2020-10753, CVE-2020-12059, CVE-2020-1760
MD5 | fab54bac4dc3199926f75767984dd1fa

Red Hat Security Advisory 2020-3504-01
Posted Aug 19, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3504-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-10753
MD5 | 00f438aac9ab60fd59f9b679de123585

Red Hat Security Advisory 2020-3505-01
Posted Aug 19, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3505-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-10753
MD5 | 078295f3dad4e45b25caef5f5b6ff16a

Red Hat Security Advisory 2020-3003-01
Posted Jul 20, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3003-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Issues addressed include a cross site scripting vulnerability.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2020-10753, CVE-2020-1760
MD5 | fc492b96cd3af3b2842f919f6ccc0fea