logo

Database

Inappropriate coding practices In org.keycloak:keycloak-core

Description

Keycloak vulnerable to infinite loop based Denial of Service When Keycloak versions prior to 2.5.5 receive a Logout request with an Extensions in the middle of the request, the SAMLSloRequestParser.parse() method ends in an infinite loop. An attacker could use this flaw to conduct denial of service attacks.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2017-26462. NVD-2017-26463. OSV-2017-26464. GHSA-jc6q-27mw-p55w5. GCVE-2017-26466. bugzilla.redhat.com

References

1. http://www.securityfocus.com/bid/96882

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.