CVE-2020-14359
A vulnerability was found in all versions of Keycloak Gatekeeper, where, by using lowercase HTTP headers via cURL, an attacker can bypass our Gatekeeper. Lowercase headers are also accepted by some webservers, e.g. Jetty. This means there is no protection when we put a Gatekeeper in front of a Jet...
Design/Logic Flaw
CVE-2020-14359
CVE-2020-14359 affects all versions of Keycloak Gatekeeper. The vulnerability allows bypass of Gatekeeper authentication when lowercase HTTP headers are used (e.g., via curl), a scenario tolerated by some webservers like Jetty. Impacted component: Gatekeeper in front of a Jetty backend can fail t...
Red Hat Keycloak Security Vulnerability
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak that arises when the Jetty server accepts lowercase headers without any protection...
CVE-2019-11049
In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to the mail function, due to a mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations...
PT-2019-12154 · Php
Name of the Vulnerable Software and Affected Versions: PHP versions 7.3.x through 7.3.12; PHP version 7.4.0. Description: The issue arises when custom headers are supplied to the mail function in lowercase, resulting in double-freeing certain memory locations due to a mistake introduced in a specif...