Denial of Service Vulnerability in Keycloak 2.5.5 and Earlier
CVE-2017-2646 · MEDIUM Severity
CVSS v2 vector: AV:N/AC:L/AU:N/C:N/I:N/A:P
It was found that when Keycloak before 2.5.5 receives a SAML Logout request with an Extensions element placed in the middle of the request, the SAMLSloRequestParser.parse() method enters an infinite loop. An attacker could use this flaw to conduct denial of service attacks.
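The bug class behind this advisory, a cursor-style parser that only advances past the children it expects, shown as an added illustrative example in Python; this is not Keycloak's Java code, and the sample request, the function names and the iteration budget are constructed for the illustration (only the SAML 2.0 namespace URIs are standard).

```python
import xml.etree.ElementTree as ET

SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"
SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"

# Constructed sample: Extensions is placed between Issuer and NameID, in the
# middle of the request, the shape the advisory describes.
SAMPLE_LOGOUT_REQUEST = b"""<samlp:LogoutRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_c1" Version="2.0" IssueInstant="2017-03-01T00:00:00Z">
  <saml:Issuer>https://sp.example.test</saml:Issuer>
  <samlp:Extensions><x:Hint xmlns:x="urn:example:ext"/></samlp:Extensions>
  <saml:NameID>alice</saml:NameID>
  <samlp:SessionIndex>s-42</samlp:SessionIndex>
</samlp:LogoutRequest>"""

KNOWN_CHILDREN = {SAML + "Issuer": "issuer", SAML + "NameID": "name_id",
                  SAMLP + "SessionIndex": "session_index"}


def parse_logout_request(xml_bytes, skip_unknown=True, budget=1000):
    """Walk the direct children of LogoutRequest with a cursor (hypothetical parser).
    skip_unknown=False models the hazard: the cursor only moves past recognised
    children, so an unexpected child such as Extensions is re-examined forever;
    the iteration budget turns that hang into a ValueError instead of a CPU-bound
    loop. skip_unknown=True is the hardened form: every child advances the cursor."""
    root = ET.fromstring(xml_bytes)
    if root.tag != SAMLP + "LogoutRequest":
        raise ValueError("not a samlp:LogoutRequest")
    children = list(root)
    out = {"issuer": None, "name_id": None, "session_index": None, "skipped": 0}
    cursor = steps = 0
    while cursor < len(children):
        steps += 1
        if steps > budget:
            raise ValueError("parser stuck on %s: iteration budget exhausted"
                             % children[cursor].tag)
        child = children[cursor]
        field = KNOWN_CHILDREN.get(child.tag)
        if field is not None:
            out[field] = (child.text or "").strip()
            cursor += 1
        elif skip_unknown:
            out["skipped"] += 1   # unrecognised child: count it and move on
            cursor += 1
        # else: cursor is not advanced, so the loop spins on the same child
    return out
```

The budget is a defence-in-depth guard, not a substitute for the real fix of always consuming the current element.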