Описание
It was found that when Keycloak before 2.5.5 receives a Logout request with a Extensions in the middle of the request, the SAMLSloRequestParser.parse() method ends in a infinite loop. An attacker could use this flaw to conduct denial of service attacks.
Ссылки
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.5.5 (исключая)
cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
EPSS
Процентиль: 65%
0.00503
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-835
CWE-835
Связанные уязвимости
CVSS3: 7.5
redhat
почти 9 лет назад
It was found that when Keycloak before 2.5.5 receives a Logout request with a Extensions in the middle of the request, the SAMLSloRequestParser.parse() method ends in a infinite loop. An attacker could use this flaw to conduct denial of service attacks.
CVSS3: 7.5
debian
больше 7 лет назад
It was found that when Keycloak before 2.5.5 receives a Logout request ...
CVSS3: 7.5
github
больше 7 лет назад
Keycloak vulnerable to infinite loop based Denial of Service
EPSS
Процентиль: 65%
0.00503
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-835
CWE-835