UBUNTU-CVE-2019-3821

Advisory lineage Upstream: 1 Downstream: 1
Upstream
CVE-2019-3821
Downstream
USN-4035-1
Published: 27 Mar 2019, 00:00
Last modified:04 Feb 2026, 03:03

Vulnerability Summary

Overall Risk (default)
medium
30/100
CVSS Score
7.5 HIGH
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

27 Mar 2019, 00:00
Published
Vulnerability first disclosed
04 Feb 2026, 03:03
Last Modified
Vulnerability information updated

Description

A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exhaust file descriptors for ceph-radosgw service resulting in a remote denial of service.

CVSS Metrics

  • v3.1HIGHScore: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • v3.0HIGHScore: 7.5CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Systems

  • ubuntuceph

    < 10.2.11-0ubuntu0.16.04.1 | < 12.2.11-0ubuntu0.18.04.2

References (3)