Description
It was found that when Keycloak before 2.5.5 receives a Logout request with an Extensions element in the middle of the request, the SAMLSloRequestParser.parse() method ends in an infinite loop. An attacker could use this flaw to conduct denial of service attacks.
Affected packages
| Platform | Package | Status | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Single Sign-On 7 | rh-sso7-keycloak | Not affected | | |
Additional information
Status: Important
Defect: CWE-835
https://bugzilla.redhat.com/show_bug.cgi?id=1431230
keycloak: DoS via SAML request
CVSS3: 7.5 High
Related vulnerabilities
- nvd (CVSS3: 7.5, more than 7 years ago): It was found that when Keycloak before 2.5.5 receives a Logout request with an Extensions element in the middle of the request, the SAMLSloRequestParser.parse() method ends in an infinite loop. An attacker could use this flaw to conduct denial of service attacks.
- debian (CVSS3: 7.5, more than 7 years ago): It was found that when Keycloak before 2.5.5 receives a Logout request ...
- github (CVSS3: 7.5, more than 7 years ago): Keycloak vulnerable to infinite loop based Denial of Service