4 matches found
CVE-2023-44487
CVE-2023-44487 – HTTP/2 Rapid Reset DoS Root cause: HTTP/2 stream resets can cause servers to continue processing, leading to unbounded resource consumption and potential DoS when clients rapidly cancel streams. What’s affected: Various HTTP/2 implementations and deployments, including servers, p...
CVE-2024-1132
Keycloak path traversal vulnerability (CVE-2024-1132) arises from improper validation of redirect URLs, enabling an attacker to bypass validation and access other URLs within the domain when a client uses wildcard Valid Redirect URIs. The issue requires user interaction and affects clients with w...
CVE-2023-6291
Technical details about CVE-2023-6291 are not publicly available in the provided documents. Monitor for updates from Red Hat/Keycloak advisories for affected products, versions, and patches.
CVE-2022-4492
CVE-2022-4492 is linked to Undertow: the undertow client does not verify the server identity presented by the server certificate in HTTPS connections, a TLS-level check that should be performed by default. This can enable weaknesses in TLS client verification and potential MITM scenarios. Connect...