CVE-2017-2646
HIGH7.5EPSS 0.50%Keycloak vulnerable to infinite loop based Denial of Service
發布日:2018/10/18修改日:2023/11/8
描述
When Keycloak versions prior to 2.5.5 receive a Logout request with an Extensions in the middle of the request, the SAMLSloRequestParser.parse() method ends in an infinite loop. An attacker could use this flaw to conduct denial of service attacks.
受影響套件(1)
- Maven/org.keycloak:keycloak-corefrom 0, < 2.5.5
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |