CVE-2024-11734

Published: 13 Jan 2025
Source: redhat
CVSS3: 6.5
EPSS: Low

Description

A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to disrupt the service. This action is done by modifying any of the security headers and inserting newlines, which causes the Keycloak server to write to a request that has already been terminated, leading to the failure of said request.
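As an added example, not taken from the advisory or from the Keycloak project, the following script performs the defender-side check that this CVE suggests: it scans a Keycloak realm export for security-header values containing CR or LF, the condition the description names. It assumes the realm representation stores those headers under the "browserSecurityHeaders" key (header name to value) and uses a constructed sample realm.

```python
import json
import re

# Constructed sample: a fragment of a Keycloak realm export. Assumption: the
# realm representation carries browser security headers under
# "browserSecurityHeaders", keyed by header name. One value carries an
# embedded CRLF, the condition the advisory describes.
SAMPLE_REALM_EXPORT = json.dumps({
    "realm": "example",
    "browserSecurityHeaders": {
        "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
        "xFrameOptions": "SAMEORIGIN",
        "strictTransportSecurity": "max-age=31536000; includeSubDomains\r\nX-Injected: 1",
        "xContentTypeOptions": "nosniff",
    },
})

# HTTP field values are single-line; any CR or LF in a configured value is a finding.
_FORBIDDEN = re.compile(r"[\r\n]")


def _security_headers(realm_export_json: str) -> dict:
    realm = json.loads(realm_export_json)
    return realm.get("browserSecurityHeaders") or {}


def find_newline_headers(realm_export_json: str) -> dict[str, str]:
    """Return header name -> offending value for every security header whose
    value contains a CR or LF. An empty dict means the realm is clean."""
    return {
        name: value
        for name, value in _security_headers(realm_export_json).items()
        if isinstance(value, str) and _FORBIDDEN.search(value)
    }


def sanitize_headers(realm_export_json: str) -> dict[str, str]:
    """Return a copy of the security headers with CR/LF removed, a conservative
    repair an operator can apply before re-importing the realm."""
    return {
        name: _FORBIDDEN.sub("", value) if isinstance(value, str) else value
        for name, value in _security_headers(realm_export_json).items()
    }


if __name__ == "__main__":
    for name, value in find_newline_headers(SAMPLE_REALM_EXPORT).items():
        print(f"realm header {name!r} contains a line break: {value!r}")
```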

Statement

Red Hat has evaluated this vulnerability and its impact is restricted to Keycloak. No Keycloak connectors/adapters are affected.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

Platform | Package | Status | Advisory | Release
Red Hat JBoss Enterprise Application Platform 8 | org.keycloak/keycloak-quarkus-server | Not affected | - | -
Red Hat JBoss Enterprise Application Platform Expansion Pack | org.keycloak/keycloak-quarkus-server | Not affected | - | -
Red Hat build of Keycloak 26.0 | rhbk/keycloak-operator-bundle | Fixed | RHSA-2025:0299 | 13.01.2025
Red Hat build of Keycloak 26.0 | rhbk/keycloak-rhel9 | Fixed | RHSA-2025:0299 | 13.01.2025
Red Hat build of Keycloak 26.0 | rhbk/keycloak-rhel9-operator | Fixed | RHSA-2025:0299 | 13.01.2025
RHBK 26.0.8 | org.keycloak/keycloak-quarkus-server | Fixed | RHSA-2025:0300 | 13.01.2025

Additional information

Status: Moderate
Weakness: CWE-693
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2328846
org.keycloak:keycloak-quarkus-server: Denial of Service in Keycloak Server via Security Headers

EPSS
Percentile: 15%
Score: 0.00048
Low

CVSS3
6.5 Medium

Related vulnerabilities

CVSS3: 6.5
nvd
about 1 year ago

A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to disrupt the service. This action is done by modifying any of the security headers and inserting newlines, which causes the Keycloak server to write to a request that has already been terminated, leading to the failure of said request.

CVSS3: 6.5
debian
about 1 year ago

A denial of service vulnerability was found in Keycloak that could all ...

CVSS3: 6.5
github
about 1 year ago

Denial of Service in Keycloak Server via Security Headers