CVE-2017-2646

2017-03-10T18:48:09
ID RH:CVE-2017-2646
Type redhatcve
Reporter redhat.com
Modified 2020-08-18T14:56:56

Description

It was found that when Keycloak before 2.5.5 receives a Logout request with a Extensions in the middle of the request, the SAMLSloRequestParser.parse() method ends in a infinite loop. An attacker could use this flaw to conduct denial of service attacks.