Summary:
An anonymous user can provoke an abort() of the RGW server by sending a request with an invalid HTTP Origin header, against buckets with CORS AllowedOrigin rules.
Product:
[Red Hat Storage] Red Hat Ceph Storage
Reporter:
Matt Benjamin (redhat) <mbenjamin>
Component:
RGW
Assignee:
Matt Benjamin (redhat) <mbenjamin>
Status:
CLOSED
DUPLICATE
QA Contact:
ceph-qe-bugs <ceph-qe-bugs>
Severity:
urgent
Docs Contact:
Priority:
unspecified
Version:
1.3.3
CC:
cbodley, ceph-eng-bugs, ceph-qe-bugs, hnallurv, kbader, kdreyer, mbenjamin, owasserm, sisharma, sweil
Target Milestone:
rc
Keywords:
Security
Target Release:
1.3.3
Hardware:
All
OS:
All
Whiteboard:
Fixed In Version:
RHEL: ceph-0.94.9-9.el7cp Ubuntu: ceph_0.94.9-10redhat1trusty
Doc Type:
If docs needed, set a value
Doc Text:
Story Points:
---
Clone Of:
1403003
Environment:
Last Closed:
2016-12-16 17:03:54 UTC
Type:
Bug
Regression:
---
Mount Type:
---
Documentation:
---
CRM:
Verified Versions:
Category:
---
oVirt Team:
---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:
---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks:
1403245