What is CVE-2019-10222?

CVE-2019-10222 is a high-severity vulnerability in Ceph, classified under Improper Handling of Exceptional Conditions. CVSS score: 7.5/10. Published 2019-11-08.

How severe is CVE-2019-10222?

High severity. CVSS v3 base score is 7.5 out of 10.

Is CVE-2019-10222 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Ceph

CVE-2019-10222

A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a r…

EPSS: 0.046 (90.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Ceph
The Ceph Project — versions n/a
Fedoraproject Fedora — versions 30, 31
Redhat Ceph_storage — versions 3.0, 3.3

Weakness classification (CWE)

CWE-755 — Improper Handling of Exceptional Conditions

Public proof-of-concept exploits

References

secalert@redhat.com (x_refsource_MISC, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Mitigation, Issue Tracking, Vendor Advisory)
secalert@redhat.com

Frequently asked questions

What is CVE-2019-10222?: CVE-2019-10222 is a high-severity vulnerability in Ceph, classified under Improper Handling of Exceptional Conditions. CVSS score: 7.5/10. Published 2019-11-08.
How severe is CVE-2019-10222?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2019-10222 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.