7.5
CWE
772
Advisory Published
CVE Published
Updated

CVE-2019-3821

First published: Thu Dec 06 2018(Updated: )

A flaw was found in rados gateway shipped as part of ceph. Unclosed file descriptors while denying TCP connections to SSL serving port pile up until exhaustion of resources leading to potencial remote denial of service.

Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com

Affected SoftwareAffected VersionHow to fix
Ceph Civetweb
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.10
Canonical Ubuntu Linux=19.04
Ceph Civetweb<1.11
debian/ceph
14.2.21-1
16.2.11+ds-2
16.2.15+ds-0+deb12u1
18.2.4+ds-11

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2019-3821?

    CVE-2019-3821 is a vulnerability found in the way civetweb frontend handles requests for ceph RGW server with SSL enabled, allowing an unauthenticated attacker to create multiple connections and exhaust file descriptors, leading to a remote denial of service.

  • Which software is affected by CVE-2019-3821?

    The software affected by CVE-2019-3821 includes Ceph Civetweb, Canonical Ubuntu Linux 16.04 LTS, Canonical Ubuntu Linux 18.10, and Canonical Ubuntu Linux 19.04.

  • What is the severity of CVE-2019-3821?

    CVE-2019-3821 has a severity rating of 7.5 (High).

  • How can I fix CVE-2019-3821 on Ubuntu?

    To fix CVE-2019-3821 on Ubuntu, you can update the ceph package to version 13.2.4+dfsg1-0ubuntu0.18.10.2 for Ubuntu 18.10 (Cosmic) or version 13.2.4+dfsg1-0ubuntu2.1 for Ubuntu 19.04 (Disco).

  • Are there any references for CVE-2019-3821?

    Yes, you can find references for CVE-2019-3821 at the following links: [Bugzilla Red Hat](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3821), [GitHub](https://github.com/ceph/civetweb/pull/33), [Ubuntu Security Notice](https://usn.ubuntu.com/4035-1/).

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203