CVE-2017-2582

Sažetak

It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the "InResponseTo" field in the response.

Reference

http://www.securityfocus.com/bid/101046
http://www.securitytracker.com/id/1041707
https://access.redhat.com/errata/RHSA-2017:2808
https://access.redhat.com/errata/RHSA-2017:2809
https://access.redhat.com/errata/RHSA-2017:2810
https://access.redhat.com/errata/RHSA-2017:2811
https://access.redhat.com/errata/RHSA-2017:3216
https://access.redhat.com/errata/RHSA-2017:3217
https://access.redhat.com/errata/RHSA-2017:3218
https://access.redhat.com/errata/RHSA-2017:3219
https://access.redhat.com/errata/RHSA-2017:3220
https://access.redhat.com/errata/RHSA-2018:2740
https://access.redhat.com/errata/RHSA-2018:2741
https://access.redhat.com/errata/RHSA-2018:2742
https://access.redhat.com/errata/RHSA-2018:2743
https://access.redhat.com/errata/RHSA-2019:0136
https://access.redhat.com/errata/RHSA-2019:0137
https://access.redhat.com/errata/RHSA-2019:0139
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2582
https://github.com/keycloak/keycloak/pull/3715/commits/0cb5ba0f6e83162d221681f47b470c3042eef237

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

23-01-2019 - 11:29

Objavljeno

26-07-2018 - 17:29