Описание
A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It accepts non-standard characters (such as tabs) as separators and tolerates case variations that deviate from RFC 6750 specifications.
EPSS
5.3 Medium
CVSS3
Дефекты
Связанные уязвимости
A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It accepts non-standard characters (such as tabs) as separators and tolerates case variations that deviate from RFC 6750 specifications.
A flaw was found in Keycloak. The Keycloak Authorization header parser ...
Keycloak has Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
EPSS
5.3 Medium
CVSS3