VDB
CVE-2019-10222
CVE-2019-10222
PUBLISHED
A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients.
EPSS 1.80% · 83.2th percentile
Risk Scores
EPSS Score
1.80%
83.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | ceph | 0, 12.2.0-0ubuntu1, 12.2.2-0ubuntu1 |
Timeline
- Aug 28, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-10222 third-party-advisory
- https://github.com/ceph/ceph/pull/29967 third-party-advisory
- https://github.com/ceph/ceph/commit/6171399fdedd928b4249d135b4036e3de25079aa third-party-advisory
- https://ubuntu.com/security/notices/USN-4112-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-10222 third-party-advisory