Bug#798567: [Ceph-maintainers] Bug#798567: Bug#798567: ceph: CVE-2015-5245: Rados rest gateway returns requested bucket name raw in Bucket response header

2015-09-18 Thread Salvatore Bonaccorso
Hi Gaudenz,
On Fri, Sep 18, 2015 at 05:26:18PM +0200, Gaudenz Steinlin wrote:
> Gaudenz Steinlin writes:
>
> > Hi
> >
> > Salvatore Bonaccorso writes:
> >
> >> Source: ceph
> >> Version: 0.80.7-2
> >> Severity: important
> >> Tags: security upstream
> >> Forwarded: http://tracker.ceph.com/issue

Bug#798567: [Ceph-maintainers] Bug#798567: Bug#798567: ceph: CVE-2015-5245: Rados rest gateway returns requested bucket name raw in Bucket response header

2015-09-18 Thread Gaudenz Steinlin
Hi
Gaudenz Steinlin writes:
> Hi
>
> Salvatore Bonaccorso writes:
>
>> Source: ceph
>> Version: 0.80.7-2
>> Severity: important
>> Tags: security upstream
>> Forwarded: http://tracker.ceph.com/issues/12537
>>
>> Hi,
>>
>> the following vulnerability was published for ceph.
>>
>> CVE-2015-5245[

Bug#798567: [Ceph-maintainers] Bug#798567: Bug#798567: ceph: CVE-2015-5245: Rados rest gateway returns requested bucket name raw in Bucket response header

2015-09-11 Thread Ken Dreyer
On Fri, Sep 11, 2015 at 4:04 AM, Gaudenz Steinlin wrote:
> I fail to see how this is a security issue.
Please see https://www.owasp.org/index.php/HTTP_Response_Splitting for an explanation about HTTP header manipulation attacks.
- Ken