{ "threat_severity" : "Important", "public_date" : "2020-08-18T00:00:00Z", "bugzilla" : { "description" : "keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body", "id" : "1843849", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1843849" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-400", "details" : [ "A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body.", "A flaw was found in Keycloak. This flaw allows an attacker to perform a denial of service attack by sending multiple simultaneous requests with a Content-Length header value greater than the actual byte count of the request body. The highest threat from this vulnerability is to system availability." ], "acknowledgement" : "Red Hat would like to thank Matt Hamilton (Soluble.ai) for reporting this issue.", "affected_release" : [ { "product_name" : "Red Hat Single Sign-On 7.4.2", "release_date" : "2020-08-18T00:00:00Z", "advisory" : "RHSA-2020:3501", "cpe" : "cpe:/a:redhat:jboss_single_sign_on:7.4" }, { "product_name" : "Red Hat Single Sign-On 7.4 for RHEL 6", "release_date" : "2020-08-18T00:00:00Z", "advisory" : "RHSA-2020:3495", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7::el6", "package" : "rh-sso7-keycloak-0:9.0.5-1.redhat_00001.1.el6sso" }, { "product_name" : "Red Hat Single Sign-On 7.4 for RHEL 7", "release_date" : "2020-08-18T00:00:00Z", "advisory" : "RHSA-2020:3496", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7::el7", "package" : "rh-sso7-keycloak-0:9.0.5-1.redhat_00001.1.el7sso" }, { "product_name" : "Red Hat Single Sign-On 7.4 for RHEL 8", "release_date" : "2020-08-18T00:00:00Z", "advisory" : "RHSA-2020:3497", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7::el8", "package" : "rh-sso7-keycloak-0:9.0.5-1.redhat_00001.1.el8sso" }, { "product_name" : "Text-Only RHOAR", "release_date" : "2020-09-02T00:00:00Z", "advisory" : "RHSA-2020:3539", "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0" } ], "package_state" : [ { "product_name" : "Red Hat Decision Manager 7", "fix_state" : "Not affected", "package_name" : "keycloak", "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "impact" : "low" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Not affected", "package_name" : "keycloak", "cpe" : "cpe:/a:redhat:jboss_fuse:7", "impact" : "low" }, { "product_name" : "Red Hat OpenShift Application Runtimes", "fix_state" : "Affected", "package_name" : "keycloak", "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0", "impact" : "low" }, { "product_name" : "Red Hat Process Automation 7", "fix_state" : "Not affected", "package_name" : "keycloak", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "impact" : "low" }, { "product_name" : "Red Hat support for Spring Boot", "fix_state" : "Not affected", "package_name" : "keycloak", "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0", "impact" : "low" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-10758\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10758" ], "name" : "CVE-2020-10758", "mitigation" : { "value" : "- The possibility of this issue largely depends on the environment, specifically the load balancer or reverse proxies between the client and the server. The issue occurs when there is no load balancer in place.\n- Proper tuning of HTTP request timeout and keycloak database max pool size can mitigate this issue :\nbin/jboss-cli.sh --connect --commands='/subsystem=transactions:write-attribute(name=default-timeout,value=30),/subsystem=undertow/server=default-server/http-listener=default/:write-attribute(name=read-timeout,value=30000),/subsystem=undertow/server=default-server/https-listener=https/:write-attribute(name=read-timeout,value=30000),/subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=max-pool-size,value=100),reload'", "lang" : "en:us" }, "csaw" : false }