QwikSec

Security Database

CVE

CWE

Training

CVE-2021-3531

Published: May 18, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability.

Vendor	Product	Versions
n/a	ceph	affected `ceph 14.2.21`

Weaknesses (CWE)

References

[oss-security] 20210514 CVE-2021-3531: Ceph: RGW unauthenticated denial of service

mailing-list

[oss-security] 20210517 Re: CVE-2021-3531: Ceph: RGW unauthenticated denial of service

mailing-list

https://bugzilla.redhat.com/show_bug.cgi?id=1955326

FEDORA-2021-ec414c5e18

vendor-advisory

FEDORA-2021-6e540b85b9

vendor-advisory

FEDORA-2021-1bf13db941

vendor-advisory

[debian-lts-announce] 20231023 [SECURITY] [DLA 3629-1] ceph security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.