QwikSec

Security Database

CVE

CWE

Training

CVE-2020-1700

Published: Feb 7, 2020

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.1

6.5

MEDIUM

Description

A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources, preventing legitimate users from connecting to the system.

Vendor	Product	Versions
[UNKNOWN]	ceph	affected `14.2.4-125.el8cp` affected `14.2.4-51.el7cp`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1700

openSUSE-SU-2020:0187

vendor-advisory

vendor-advisory

[debian-lts-announce] 20231023 [SECURITY] [DLA 3629-1] ceph security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.