CVE-2024-11734

Published: Jan 14, 2025Modified: Jan 14, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: secalert@redhat.com (Secondary)

Description

A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to disrupt the service. This action is done by modifying any of the security headers and inserting newlines, which causes the Keycloak server to write to a request that has already been terminated, leading to the failure of said request.

Related CWEs

CWE-693

Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

References (4)

https://access.redhat.com/errata/RHSA-2025:0299

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:0300

Source: secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2024-11734

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2328846

Source: secalert@redhat.com

Timeline

No history available yet.