Mirantis OpenStack

  1. Bug #1520185
  2. Comment #0

Comment 0 for bug 1520185

Revision history for this message
Adam Heczko (aheczko-mirantis) wrote :

Please help me identify whether we are vulnerable to CVE-2015-5245

Problem description:
Ceph RadosGW versions up to v0.80.10 are vulnerable to HTTP header modification attack.

Resolution proposal:
Apply appropriate patchset preventing HTTP header manipulation.

Upstream bug report:
http://tracker.ceph.com/issues/12537

How to check/reproduce:
Mentioned in upstream bug report (curl)