|
Description
|
|
(:A vulnerability was reported in Ceph.:A remote attacker could exploit it via a specially crafted bucket name in order to inject HTTP headers and perform HTTP splitting attacks.::This vulnerability is due to Ceph which returns requested bucket name raw in Bucket response header.)
|
|
|
|
|
|
Vulnerable Products
|
|
Vulnerable OS:
GNU/Linux (Debian) - 8
|
|
|
|
|
|
Solution
|
|
Version 8.3 of Debian Jessie fixes this vulnerability.
|
|
|
|
|
|
CVE
|
|
CVE-2015-5245
|
|
|
|
|
|
References
|
|
- Ceph : v0.94.4 Hammer released
http://lists.ceph.com/pipermail/ceph-announce-ceph.com/2015-October/000034.html
- Debian : Updated Debian 8: 8.3 released
https://www.debian.org/News/2016/20160123
|
|
|
|
|
|
Vulnerability Manager Detection
|
|
No
|
|
|
|
|
|
IPS Protection
|
|
|
|
|
|
|
