{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T21:52:26.620","vulnerabilities":[{"cve":{"id":"CVE-2016-9579","sourceIdentifier":"secalert@redhat.com","published":"2018-08-01T16:29:00.427","lastModified":"2024-11-21T03:01:25.820","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected."},{"lang":"es","value":"Se ha encontrado un error en la forma en la que Ceph Object Gateway procesa peticiones HTTP cross-origin si la política CORS está configurada para permitir el origen en un bucket. Un atacante remoto no autenticado podría utilizar este problema para provocar una denegación de servicio (DoS) mediante el envío de una petición HTTP cross-origin especialmente manipulada. Las ramas de Ceph 1.3.x y 2.x se han visto afectadas."}],"metrics":{"cvssMetricV30":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:ceph_storage:1.3:*:*:*:*:*:*:*","matchCriteriaId":"26E67C3A-4458-4DC9-B40E-C0B285C87211"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:ceph_storage_mon:1.3:*:*:*:*:*:*:*","matchCriteriaId":"01F0F540-E08A-43DB-AD86-7FD8B212BFCB"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:ceph_storage_mon:2:*:*:*:*:*:*:*","matchCriteriaId":"8C2EBAD9-F0D5-4176-9C4D-001B230E699E"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:ceph_storage_osd:1.3:*:*:*:*:*:*:*","matchCriteriaId":"6ECF4DC0-ECE3-40C0-ABF3-A8E17C17589C"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:ceph_storage_osd:2:*:*:*:*:*:*:*","matchCriteriaId":"AA5F5227-DBDA-4C01-BF7C-4D53F455404F"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"51EF4996-72F4-4FA4-814F-F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"825ECE2D-E232-46E0-A047-074B34DB1E97"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:ceph_storage:2.0:*:*:*:*:*:*:*","matchCriteriaId":"D07DF15E-FE6B-4DAF-99BB-2147CF7D7EEA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","matchCriteriaId":"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:ceph_storage:1.3:*:*:*:*:*:*:*","matchCriteriaId":"26E67C3A-4458-4DC9-B40E-C0B285C87211"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","matchCriteriaId":"B5A6F2F3-4894-4392-8296-3B8DD2679084"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2954.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2956.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2994.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2995.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://tracker.ceph.com/issues/18187","source":"secalert@redhat.com","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94936","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9579","source":"secalert@redhat.com","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2954.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2956.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2994.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2995.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://tracker.ceph.com/issues/18187","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94936","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9579","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Third Party Advisory"]}]}}]}