diff --git a/0003-cve-2019-3821.patch b/0003-cve-2019-3821.patch
new file mode 100644
index 0000000..f25bbb7
--- /dev/null
+++ b/0003-cve-2019-3821.patch
@@ -0,0 +1,13 @@
+diff -ur ceph-14.0.1/src/civetweb/src/civetweb.c ceph-14.0.1.mod/src/civetweb/src/civetweb.c
+--- ceph-14.0.1/src/civetweb/src/civetweb.c	2018-06-20 15:53:52.000000000 +0200
++++ ceph-14.0.1.mod/src/civetweb/src/civetweb.c	2019-02-21 08:28:09.797504543 +0100
+@@ -16268,6 +16268,9 @@
+ 					conn->request_info.client_cert = 0;
+ 				}
+ 			}
++			else {
++				close_connection(conn);
++			}
+ #endif
+ 		} else {
+ 			/* process HTTP connection */
diff --git a/ceph.spec b/ceph.spec
index 96bb308..3b28ef6 100644
--- a/ceph.spec
+++ b/ceph.spec
@@ -113,6 +113,7 @@ URL:		http://ceph.com/
 Source0:	%{?_remote_tarball_prefix}ceph-14.0.1.tar.bz2
 Patch001:	0001-f30-python3-execs.patch
 Patch002:	0002-f30-gcc9.patch
+Patch003:	0003-cve-2019-3821.patch
 ExcludeArch:	i686 armv7hl
 #################################################################################
 # dependencies that apply across all distro families