Описание
A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It accepts non-standard characters (such as tabs) as separators and tolerates case variations that deviate from RFC 6750 specifications.
EPSS
Процентиль: 21%
0.00069
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-551
Связанные уязвимости
CVSS3: 5.3
debian
около 1 месяца назад
A flaw was found in Keycloak. The Keycloak Authorization header parser ...
CVSS3: 5.3
github
около 1 месяца назад
Keycloak has Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
EPSS
Процентиль: 21%
0.00069
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-551