CVE-2017-2646

2018-07-27T14:29:01
ID CVE-2017-2646
Type cve
Reporter NVD
Modified 2018-09-27T09:17:35

Description

It was found that when Keycloak before 2.5.5 receives a Logout request with a Extensions in the middle of the request, the SAMLSloRequestParser.parse() method ends in a infinite loop. An attacker could use this flaw to conduct denial of service attacks.