CVE-2015-5245

{"id": "CVE-2015-5245", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-12-03T20:59:05.223", "references": [{"url": "http://lists.ceph.com/pipermail/ceph-announce-ceph.com/2015-October/000034.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://tracker.ceph.com/issues/12537", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2015:2512", "source": "secalert@redhat.com"}, {"url": "http://lists.ceph.com/pipermail/ceph-announce-ceph.com/2015-October/000034.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://tracker.ceph.com/issues/12537", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2015:2512", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n CRLF en la Ceph Object Gateway (tambi\u00e9n conocida como radosgw o RGW) en Ceph en versiones anteriores a 0.94.4 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de separaci\u00f3n de respuesta HTTP a trav\u00e9s de un nombre de contenedor manipulado."}], "lastModified": "2024-11-21T02:32:38.317", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:ceph:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "484C877F-D9BB-4D8B-B8A9-2052E65ECE67", "versionEndIncluding": "0.94.3"}], "operator": "OR"}]}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/113.html\">CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')</a>", "sourceIdentifier": "secalert@redhat.com"}