7.5

CVE-2020-10758

A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatKeycloak Version < 11.0.1
RedhatOpenshift Application Runtimes Version- SwEditiontext-only
RedhatSingle Sign-on Version- SwEditiontext-only
RedhatSingle Sign-on Version7.0
RedhatSingle Sign-on Version7.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.24% 0.806
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

https://bugzilla.redhat.com/show_bug.cgi?id=1843849
Vendor Advisory
Issue Tracking
Mitigation
https://github.com/keycloak/keycloak/commit/bee4ca89897766c4b68856eafe14f1a3dad34251
Patch
Third Party Advisory