Home > Vulnerability Database > CVE-2019-10222

Mend.io Vulnerability Database

CVE-2019-10222

Date: November 8, 2019

A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients.

Language: C

Severity Score

7.5

Related Resources (12)

Url: https://access.redhat.com/security/cve/CVE-2019-10222

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-10222

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2019-10222

Url: https://access.redhat.com/errata/RHSA-2019:2579

Url: https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html

Url: https://tracker.ceph.com/issues/40018

Url: https://access.redhat.com/errata/RHSA-2019:2577

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1739292

Url: https://security.alpinelinux.org/vuln/CVE-2019-10222

Url: https://security-tracker.debian.org/tracker/CVE-2019-10222

Url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10222

Url: https://www.mend.io/vulnerability-database/CVE-2019-10222

Severity Score

7.5

Weakness Type (CWE)

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

Improper Handling of Exceptional Conditions

CWE-755

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-10222

Date: November 8, 2019

Language: C

Severity Score

Related Resources (12)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?