CVE-2024-9666

Name of the Vulnerable Software and Affected Versions Keycloak Server (affected versions not specified)

Description A denial of service (DoS) attack is possible due to improper handling of proxy headers in the Keycloak Server. When configured to accept incoming proxy headers, Keycloak may accept non-IP values without proper validation, leading to costly DNS resolution operations. An attacker could exploit this to tie up IO threads and cause a denial of service. The attacker must have access to send requests to a Keycloak instance configured to accept and trust proxy headers, particularly when reverse proxies do not overwrite incoming headers.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.