CVE-2024-11734

EPSS 0.05%
Veröffentlicht 14.01.2025 09:15:19
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Org.keycloak:keycloak-quarkus-server: denial of service in keycloak server via security headers

Denial of Service in Keycloak Server via Security Headers

A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to disrupt the service. This action is done by modifying any of the security headers and inserting newlines, which causes the Keycloak server to write to a request that has already been terminated, leading to the failure of said request.

Mögliche Gegenmaßnahme

Keycloak Server: Install latest version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

CNA 7 VulnDex Vulnerability Enrichment 3

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://github.com/keycloak/keycloak

≫

Paket keycloak

Default Statusunaffected

Version 0

Version < 26.0.8

Status affected

HerstellerRed Hat

≫

Produkt Red Hat build of Keycloak 26.0

Default Statusaffected

Version 26.0.8-1

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Keycloak 26.0

Default Statusaffected

Version 26.0-7

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Keycloak 26.0

Default Statusaffected

Version 26.0-8

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt RHBK 26.0.8

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform Expansion Pack

Default Statusunaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Weitere Schwachstelleninformationen

SystemKeycloak

≫

Produkt Keycloak Server

Version < 26.0.8

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.15

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-693 Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

https://access.redhat.com/errata/RHSA-2025:0299

https://access.redhat.com/errata/RHSA-2025:0300

https://access.redhat.com/security/cve/CVE-2024-11734

https://bugzilla.redhat.com/show_bug.cgi?id=2328846

https://github.com/keycloak/keycloak/security/advisories/GHSA-w3g8-r9gw-qrh8

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-11734

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-11734

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-11734

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-11734