CVE-2017-2646
published 2018-07-27CVE-2017-2646: It was found that when Keycloak before 2.5.5 receives a Logout request with a Extensions in the middle of the request, the SAMLSloRequestParser.parse() method…
high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
It was found that when Keycloak before 2.5.5 receives a Logout request with a Extensions in the middle of the request, the SAMLSloRequestParser.parse() method ends in a infinite loop. An attacker could use this flaw to conduct denial of service attacks.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| red_hat | keycloak | — | — |
| redhat | keycloak | < 2.5.5 | 2.5.5 |