CVE-2015-5245: CRLF Injection
First published: Wed Sep 09 2015(Updated: )
CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Ceph | <=0.94.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-5245
- agent/type
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/redhat
- canonical/redhat ceph
- version/redhat ceph/0.94.3