PT-2017-5881 · Red Hat · Jboss Keycloak+1

Published

2017-12-29

Updated

2018-10-18

CVE-2014-3651

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: JBoss KeyCloak versions prior to 1.0.3.Final

Description: The issue allows remote attackers to cause a denial of service (resource consumption) by supplying a large value in the size parameter to the "auth/qrcode" endpoint, related to QR code generation.

Recommendations: For versions prior to 1.0.3.Final, update to version 1.0.3.Final or later to resolve the issue. As a temporary workaround, consider restricting access to the "auth/qrcode" endpoint or limiting the allowed values for the size parameter to prevent exploitation.

Fix

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

CVE-2014-3651

GHSA-R32R-3977-CGC3

Affected Products

Jboss Keycloak

Keycloak

PT-2017-5881 · Red Hat · Jboss Keycloak+1

CVE-2014-3651

Weakness Enumeration

Related Identifiers

Affected Products

References · 6