View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2016-9579 severity low: SUSE including 49 source package names (ceph, ceph-10.2.10+git.1510313171.6d5f0aeac1-13.7.3, …), 51 product×package rows across 5 product lines (SUSE Enterprise Storage 3, SUSE Enterprise Storage 4, … (5 product lines)): Fixed 42, Known Not Affected 9.
A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected.