exploitDog

CVE-2014-3651

Published: 21 Oct 2014
Source: redhat
CVSS2: 4.3
EPSS: Low

Description

JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation.

It was discovered that by requesting a large enough image size for a generated QR code in JBoss KeyCloak, a remote attacker could cause uncontrolled resource consumption leading to denial of service for legitimate users.

Report

This issue does not affect any supported Red Hat products.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat JBoss Enterprise Web Server 1 | mobile | Not affected | | |

Additional information

Status: Low
Defect: CWE-20->CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1144278 KeyCloak: DoS via QR code generation

EPSS

Percentile: 74%
0.00802
Low

4.3 Medium

CVSS2

Related vulnerabilities

CVSS3: 7.5
nvd
about 8 years ago

JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation.

CVSS3: 7.5
github
more than 7 years ago

Keycloak vulnerable to uncontrolled resource consumption
