Lucene search
K

30 matches found

Veracode
Veracode
added 2024/12/09 7:18 a.m.5 views

HTTP Request Smuggling

Keycloak Server is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper handling of proxy headers, allowing attackers to exploit non-IP values, leading to costly DNS resolution operations that can overload IO threads...

4.7CVSS7.1AI score0.00399EPSS
Exploits0References9Affected Software3
NVD
NVD
added 2024/11/25 8:15 a.m.28 views

CVE-2024-9666

A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service DoS attack due to improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated identifiers, without prope...

4.7CVSS0.00399EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/11/25 7:37 a.m.9 views

CVE-2024-10492 Keycloak-quarkus-server: keycloak path trasversal

A vulnerability was found in Keycloak. A user with high privileges could read sensitive information from a Vault file that is not within the expected context. This attacker must have previous high access to the Keycloak server in order to perform resource creation, for example, an LDAP provider...

2.7CVSS3.4AI score0.00727EPSS
Exploits0References8
CVE
CVE
added 2024/11/25 7:29 a.m.302 views

CVE-2024-9666

CVE-2024-9666 – Keycloak DoS via proxy-header handling . The Keycloak Server is vulnerable to a denial-of-service when configured to accept proxy headers and behind a reverse proxy that does not overwrite incoming headers. Non-IP values (e.g., obfuscated identifiers) may be accepted without prope...

4.7CVSS5.5AI score0.00399EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/11/25 7:29 a.m.12 views

CVE-2024-9666 Org.keycloak/keycloak-quarkus-server: keycloak proxy header handling denial-of-service (dos) vulnerability

A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service DoS attack due to improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated identifiers, without prope...

4.7CVSS6.6AI score0.00399EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/11/21 7:23 p.m.1 views

org.keycloak/keycloak-quarkus-server: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability

A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service DoS attack due to improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated identifiers, without prope...

4.7CVSS5.8AI score0.00399EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/11/21 4:52 p.m.11 views

CVE-2024-9666

A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service DoS attack due to improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated identifiers, without prope...

4.7CVSS6.5AI score0.00399EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/10/08 12:0 a.m.2 views

PT-2024-39748 · Red Hat · Keycloak Server

Name of the Vulnerable Software and Affected Versions: Keycloak Server affected versions not specified Description: A denial of service DoS attack is possible due to improper handling of proxy headers in the Keycloak Server. When configured to accept incoming proxy headers, Keycloak may accept...

4.7CVSS6.7AI score0.00399EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2023/12/15 12:0 a.m.48 views

RHEL 8 : Red Hat Single Sign-On 7.6.6 security update on RHEL 8 (Important) (RHSA-2023:7856)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7856 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...

7.7CVSS6.3AI score0.01239EPSS
Exploits2References8
RedHat Linux
RedHat Linux
added 2022/01/18 2:52 p.m.216 views

Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.5.1 for OpenShift image security and enhancement update

A new image is available for Red Hat Single Sign-On 7.5.1, running on OpenShift Container Platform 3.10 and 3.11, and 4.9. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severit...

8.8CVSS6.7AI score0.10448EPSS
Exploits0References5
Rows per page
Query Builder