Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2014-9970 (GCVE-0-2014-9970)
Vulnerability from cvelistv5 – Published: 2017-05-21 18:00 – Updated: 2024-08-06 14:02
VLAI
EPSS
Summary
jasypt before 1.9.2 allows a timing attack against the password hash comparison.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1040360 | vdb-entryx_refsource_SECTRACK |
| https://access.redhat.com/errata/RHSA-2017:2809 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2017:2547 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2017:2810 | vendor-advisoryx_refsource_REDHAT |
| http://www.securitytracker.com/id/1039744 | vdb-entryx_refsource_SECTRACK |
| https://access.redhat.com/errata/RHSA-2018:0294 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2017:2808 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2017:2546 | vendor-advisoryx_refsource_REDHAT |
| https://sourceforge.net/p/jasypt/code/668/ | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2017:3141 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2017:2811 | vendor-advisoryx_refsource_REDHAT |
Date Public
2017-05-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:02:37.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040360",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040360"
},
{
"name": "RHSA-2017:2809",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2809"
},
{
"name": "RHSA-2017:2547",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2547"
},
{
"name": "RHSA-2017:2810",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2810"
},
{
"name": "1039744",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039744"
},
{
"name": "RHSA-2018:0294",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0294"
},
{
"name": "RHSA-2017:2808",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2808"
},
{
"name": "RHSA-2017:2546",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2546"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/jasypt/code/668/"
},
{
"name": "RHSA-2017:3141",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3141"
},
{
"name": "RHSA-2017:2811",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2811"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "jasypt before 1.9.2 allows a timing attack against the password hash comparison."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-13T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1040360",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040360"
},
{
"name": "RHSA-2017:2809",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2809"
},
{
"name": "RHSA-2017:2547",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2547"
},
{
"name": "RHSA-2017:2810",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2810"
},
{
"name": "1039744",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039744"
},
{
"name": "RHSA-2018:0294",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0294"
},
{
"name": "RHSA-2017:2808",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2808"
},
{
"name": "RHSA-2017:2546",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2546"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/jasypt/code/668/"
},
{
"name": "RHSA-2017:3141",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3141"
},
{
"name": "RHSA-2017:2811",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2811"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "jasypt before 1.9.2 allows a timing attack against the password hash comparison."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040360",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040360"
},
{
"name": "RHSA-2017:2809",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2809"
},
{
"name": "RHSA-2017:2547",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2547"
},
{
"name": "RHSA-2017:2810",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2810"
},
{
"name": "1039744",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039744"
},
{
"name": "RHSA-2018:0294",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0294"
},
{
"name": "RHSA-2017:2808",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2808"
},
{
"name": "RHSA-2017:2546",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2546"
},
{
"name": "https://sourceforge.net/p/jasypt/code/668/",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/jasypt/code/668/"
},
{
"name": "RHSA-2017:3141",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3141"
},
{
"name": "RHSA-2017:2811",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2811"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9970",
"datePublished": "2017-05-21T18:00:00.000Z",
"dateReserved": "2017-05-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T14:02:37.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2014-9970",
"date": "2026-05-28",
"epss": "0.00701",
"percentile": "0.7232"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2014-9970\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-05-21T18:29:00.173\",\"lastModified\":\"2026-05-13T00:24:29.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"jasypt before 1.9.2 allows a timing attack against the password hash comparison.\"},{\"lang\":\"es\",\"value\":\"Jasypt en versiones anteriores a la 1.9.2 permite un ataque de sincronizaci\u00f3n contra la comparaci\u00f3n del hash de la contrase\u00f1a.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jasypt_project:jasypt:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.9.1\",\"matchCriteriaId\":\"CE8F4A27-C1BE-4759-AA43-FD9991FE98D5\"}]}]}],\"references\":[{\"url\":\"http://www.securitytracker.com/id/1039744\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id/1040360\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2546\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2547\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2808\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2809\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2810\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2811\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3141\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0294\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://sourceforge.net/p/jasypt/code/668/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1039744\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1040360\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2546\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2547\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2808\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2809\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2810\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2811\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3141\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0294\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://sourceforge.net/p/jasypt/code/668/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
RHSA-2017:2904
Vulnerability from csaf_redhat - Published: 2017-10-17 19:53 - Updated: 2026-05-14 22:23Summary
Red Hat Security Advisory: rh-sso7-keycloak security update
Severity
Moderate
Notes
Topic: An update for rh-sso7-keycloak is now available for Red Hat Single Sign-On 7.1 for RHEL 6.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Single Sign-On is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.1.3 serves as a replacement for Red Hat Single Sign-On 7.1.2, and includes several bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section.
Security Fix(es):
* It was found that keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server. (CVE-2017-12158)
* It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible information disclosure or further attacks. (CVE-2017-12159)
* It was found that libpam4j did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information. (CVE-2017-12197)
* It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks. (CVE-2017-12160)
Red Hat would like to thank Mykhailo Stadnyk (Playtech) for reporting CVE-2017-12158; Prapti Mittal for reporting CVE-2017-12159; and Bart Toersche (Simacan) for reporting CVE-2017-12160. The CVE-2017-12197 issue was discovered by Christian Heimes (Red Hat).
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in Jasypt that would allow an attacker to perform a timing attack on password hash comparison.
5.1 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server.
5.4 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible information disclosure or further attacks.
5.4 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks.
CWE-285 - Improper AuthorizationAffected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
It was found that libpam4j did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information.
4.3 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
29 references
Acknowledgments
Playtech
Mykhailo Stadnyk
Prapti Mittal
Simacan
Bart Toersche
Red Hat
Christian Heimes
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rh-sso7-keycloak is now available for Red Hat Single Sign-On 7.1 for RHEL 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Single Sign-On is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.1.3 serves as a replacement for Red Hat Single Sign-On 7.1.2, and includes several bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section.\n\nSecurity Fix(es):\n\n* It was found that keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server. (CVE-2017-12158)\n\n* It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible information disclosure or further attacks. (CVE-2017-12159)\n\n* It was found that libpam4j did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information. (CVE-2017-12197)\n\n* It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks. (CVE-2017-12160)\n\nRed Hat would like to thank Mykhailo Stadnyk (Playtech) for reporting CVE-2017-12158; Prapti Mittal for reporting CVE-2017-12159; and Bart Toersche (Simacan) for reporting CVE-2017-12160. The CVE-2017-12197 issue was discovered by Christian Heimes (Red Hat).",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:2904",
"url": "https://access.redhat.com/errata/RHSA-2017:2904"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.1/html/release_notes/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.1/html/release_notes/"
},
{
"category": "external",
"summary": "1484111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484111"
},
{
"category": "external",
"summary": "1484154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484154"
},
{
"category": "external",
"summary": "1489161",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489161"
},
{
"category": "external",
"summary": "1503103",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503103"
},
{
"category": "external",
"summary": "RHSSO-1121",
"url": "https://issues.redhat.com/browse/RHSSO-1121"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_2904.json"
}
],
"title": "Red Hat Security Advisory: rh-sso7-keycloak security update",
"tracking": {
"current_release_date": "2026-05-14T22:23:46+00:00",
"generator": {
"date": "2026-05-14T22:23:46+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2017:2904",
"initial_release_date": "2017-10-17T19:53:00+00:00",
"revision_history": [
{
"date": "2017-10-17T19:53:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-10-17T19:53:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:23:46+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Single Sign-On 7.1 for RHEL 6 Server",
"product": {
"name": "Red Hat Single Sign-On 7.1 for RHEL 6 Server",
"product_id": "6Server-RHSSO-7.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Single Sign-On"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch",
"product": {
"name": "rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch",
"product_id": "rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@2.5.14-1.Final_redhat_1.1.jbcs.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch",
"product": {
"name": "rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch",
"product_id": "rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak@2.5.14-1.Final_redhat_1.1.jbcs.el6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.src",
"product": {
"name": "rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.src",
"product_id": "rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak@2.5.14-1.Final_redhat_1.1.jbcs.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch as a component of Red Hat Single Sign-On 7.1 for RHEL 6 Server",
"product_id": "6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch"
},
"product_reference": "rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch",
"relates_to_product_reference": "6Server-RHSSO-7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.src as a component of Red Hat Single Sign-On 7.1 for RHEL 6 Server",
"product_id": "6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.src"
},
"product_reference": "rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.src",
"relates_to_product_reference": "6Server-RHSSO-7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch as a component of Red Hat Single Sign-On 7.1 for RHEL 6 Server",
"product_id": "6Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch"
},
"product_reference": "rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch",
"relates_to_product_reference": "6Server-RHSSO-7.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-9970",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2017-05-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1455566"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jasypt that would allow an attacker to perform a timing attack on password hash comparison.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jasypt: Vulnerable to timing attack against the password hash comparison",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch",
"6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.src",
"6Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-9970"
},
{
"category": "external",
"summary": "RHBZ#1455566",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1455566"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-9970",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9970"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-9970",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9970"
}
],
"release_date": "2017-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-10-17T19:53:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch",
"6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.src",
"6Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2904"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch",
"6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.src",
"6Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jasypt: Vulnerable to timing attack against the password hash comparison"
},
{
"acknowledgments": [
{
"names": [
"Mykhailo Stadnyk"
],
"organization": "Playtech"
}
],
"cve": "CVE-2017-12158",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2017-08-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1489161"
}
],
"notes": [
{
"category": "description",
"text": "It was found that keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: reflected XSS using HOST header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch",
"6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.src",
"6Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12158"
},
{
"category": "external",
"summary": "RHBZ#1489161",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489161"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12158",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12158"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12158",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12158"
}
],
"release_date": "2017-10-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-10-17T19:53:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch",
"6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.src",
"6Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2904"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch",
"6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.src",
"6Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: reflected XSS using HOST header"
},
{
"acknowledgments": [
{
"names": [
"Prapti Mittal"
]
}
],
"cve": "CVE-2017-12159",
"cwe": {
"id": "CWE-613",
"name": "Insufficient Session Expiration"
},
"discovery_date": "2017-08-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1484111"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible information disclosure or further attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: CSRF token fixation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch",
"6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.src",
"6Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12159"
},
{
"category": "external",
"summary": "RHBZ#1484111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12159",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12159"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12159",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12159"
}
],
"release_date": "2017-10-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-10-17T19:53:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch",
"6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.src",
"6Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2904"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch",
"6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.src",
"6Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: CSRF token fixation"
},
{
"acknowledgments": [
{
"names": [
"Bart Toersche"
],
"organization": "Simacan"
}
],
"cve": "CVE-2017-12160",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2017-08-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1484154"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: resource privilege extension via access token in oauth",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch",
"6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.src",
"6Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12160"
},
{
"category": "external",
"summary": "RHBZ#1484154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12160",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12160"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12160",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12160"
}
],
"release_date": "2017-10-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-10-17T19:53:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch",
"6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.src",
"6Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2904"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch",
"6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.src",
"6Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "keycloak: resource privilege extension via access token in oauth"
},
{
"acknowledgments": [
{
"names": [
"Christian Heimes"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2017-12197",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2017-09-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1503103"
}
],
"notes": [
{
"category": "description",
"text": "It was found that libpam4j did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpam4j: Account check bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch",
"6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.src",
"6Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12197"
},
{
"category": "external",
"summary": "RHBZ#1503103",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503103"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12197",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12197"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12197",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12197"
}
],
"release_date": "2017-10-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-10-17T19:53:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch",
"6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.src",
"6Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2904"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch",
"6Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.src",
"6Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpam4j: Account check bypass"
}
]
}
RHSA-2017:2905
Vulnerability from csaf_redhat - Published: 2017-10-17 19:53 - Updated: 2026-05-14 22:23Summary
Red Hat Security Advisory: rh-sso7-keycloak security update
Severity
Moderate
Notes
Topic: An update for rh-sso7-keycloak is now available for Red Hat Single Sign-On 7.1 for RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Single Sign-On is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.1.3 serves as a replacement for Red Hat Single Sign-On 7.1.2, and includes several bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section.
Security Fix(es):
* It was found that keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server. (CVE-2017-12158)
* It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible information disclosure or further attacks. (CVE-2017-12159)
* It was found that libpam4j did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information. (CVE-2017-12197)
* It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks. (CVE-2017-12160)
Red Hat would like to thank Mykhailo Stadnyk (Playtech) for reporting CVE-2017-12158; Prapti Mittal for reporting CVE-2017-12159; and Bart Toersche (Simacan) for reporting CVE-2017-12160. The CVE-2017-12197 issue was discovered by Christian Heimes (Red Hat).
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in Jasypt that would allow an attacker to perform a timing attack on password hash comparison.
5.1 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server.
5.4 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible information disclosure or further attacks.
5.4 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks.
CWE-285 - Improper AuthorizationAffected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
It was found that libpam4j did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information.
4.3 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
29 references
Acknowledgments
Playtech
Mykhailo Stadnyk
Prapti Mittal
Simacan
Bart Toersche
Red Hat
Christian Heimes
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rh-sso7-keycloak is now available for Red Hat Single Sign-On 7.1 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Single Sign-On is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.1.3 serves as a replacement for Red Hat Single Sign-On 7.1.2, and includes several bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section.\n\nSecurity Fix(es):\n\n* It was found that keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server. (CVE-2017-12158)\n\n* It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible information disclosure or further attacks. (CVE-2017-12159)\n\n* It was found that libpam4j did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information. (CVE-2017-12197)\n\n* It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks. (CVE-2017-12160)\n\nRed Hat would like to thank Mykhailo Stadnyk (Playtech) for reporting CVE-2017-12158; Prapti Mittal for reporting CVE-2017-12159; and Bart Toersche (Simacan) for reporting CVE-2017-12160. The CVE-2017-12197 issue was discovered by Christian Heimes (Red Hat).",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:2905",
"url": "https://access.redhat.com/errata/RHSA-2017:2905"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.1/html/release_notes/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.1/html/release_notes/"
},
{
"category": "external",
"summary": "1484111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484111"
},
{
"category": "external",
"summary": "1484154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484154"
},
{
"category": "external",
"summary": "1489161",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489161"
},
{
"category": "external",
"summary": "1503103",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503103"
},
{
"category": "external",
"summary": "RHSSO-1122",
"url": "https://issues.redhat.com/browse/RHSSO-1122"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_2905.json"
}
],
"title": "Red Hat Security Advisory: rh-sso7-keycloak security update",
"tracking": {
"current_release_date": "2026-05-14T22:23:43+00:00",
"generator": {
"date": "2026-05-14T22:23:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2017:2905",
"initial_release_date": "2017-10-17T19:53:19+00:00",
"revision_history": [
{
"date": "2017-10-17T19:53:19+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-10-17T19:53:19+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:23:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Single Sign-On 7.1 for RHEL 7 Server",
"product": {
"name": "Red Hat Single Sign-On 7.1 for RHEL 7 Server",
"product_id": "7Server-RHSSO-7.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Single Sign-On"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch",
"product": {
"name": "rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch",
"product_id": "rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@2.5.14-1.Final_redhat_1.1.jbcs.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch",
"product": {
"name": "rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch",
"product_id": "rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak@2.5.14-1.Final_redhat_1.1.jbcs.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.src",
"product": {
"name": "rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.src",
"product_id": "rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-sso7-keycloak@2.5.14-1.Final_redhat_1.1.jbcs.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch as a component of Red Hat Single Sign-On 7.1 for RHEL 7 Server",
"product_id": "7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch"
},
"product_reference": "rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch",
"relates_to_product_reference": "7Server-RHSSO-7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.src as a component of Red Hat Single Sign-On 7.1 for RHEL 7 Server",
"product_id": "7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.src"
},
"product_reference": "rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.src",
"relates_to_product_reference": "7Server-RHSSO-7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch as a component of Red Hat Single Sign-On 7.1 for RHEL 7 Server",
"product_id": "7Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch"
},
"product_reference": "rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch",
"relates_to_product_reference": "7Server-RHSSO-7.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-9970",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2017-05-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1455566"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jasypt that would allow an attacker to perform a timing attack on password hash comparison.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jasypt: Vulnerable to timing attack against the password hash comparison",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch",
"7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.src",
"7Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-9970"
},
{
"category": "external",
"summary": "RHBZ#1455566",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1455566"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-9970",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9970"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-9970",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9970"
}
],
"release_date": "2017-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-10-17T19:53:19+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch",
"7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.src",
"7Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2905"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch",
"7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.src",
"7Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jasypt: Vulnerable to timing attack against the password hash comparison"
},
{
"acknowledgments": [
{
"names": [
"Mykhailo Stadnyk"
],
"organization": "Playtech"
}
],
"cve": "CVE-2017-12158",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2017-08-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1489161"
}
],
"notes": [
{
"category": "description",
"text": "It was found that keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: reflected XSS using HOST header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch",
"7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.src",
"7Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12158"
},
{
"category": "external",
"summary": "RHBZ#1489161",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489161"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12158",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12158"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12158",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12158"
}
],
"release_date": "2017-10-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-10-17T19:53:19+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch",
"7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.src",
"7Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2905"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch",
"7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.src",
"7Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: reflected XSS using HOST header"
},
{
"acknowledgments": [
{
"names": [
"Prapti Mittal"
]
}
],
"cve": "CVE-2017-12159",
"cwe": {
"id": "CWE-613",
"name": "Insufficient Session Expiration"
},
"discovery_date": "2017-08-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1484111"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible information disclosure or further attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: CSRF token fixation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch",
"7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.src",
"7Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12159"
},
{
"category": "external",
"summary": "RHBZ#1484111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12159",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12159"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12159",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12159"
}
],
"release_date": "2017-10-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-10-17T19:53:19+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch",
"7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.src",
"7Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2905"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch",
"7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.src",
"7Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: CSRF token fixation"
},
{
"acknowledgments": [
{
"names": [
"Bart Toersche"
],
"organization": "Simacan"
}
],
"cve": "CVE-2017-12160",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2017-08-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1484154"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: resource privilege extension via access token in oauth",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch",
"7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.src",
"7Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12160"
},
{
"category": "external",
"summary": "RHBZ#1484154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12160",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12160"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12160",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12160"
}
],
"release_date": "2017-10-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-10-17T19:53:19+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch",
"7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.src",
"7Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2905"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch",
"7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.src",
"7Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "keycloak: resource privilege extension via access token in oauth"
},
{
"acknowledgments": [
{
"names": [
"Christian Heimes"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2017-12197",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2017-09-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1503103"
}
],
"notes": [
{
"category": "description",
"text": "It was found that libpam4j did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpam4j: Account check bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch",
"7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.src",
"7Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12197"
},
{
"category": "external",
"summary": "RHBZ#1503103",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503103"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12197",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12197"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12197",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12197"
}
],
"release_date": "2017-10-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-10-17T19:53:19+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch",
"7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.src",
"7Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2905"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch",
"7Server-RHSSO-7.1:rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.src",
"7Server-RHSSO-7.1:rh-sso7-keycloak-server-0:2.5.14-1.Final_redhat_1.1.jbcs.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpam4j: Account check bypass"
}
]
}
RHSA-2017:2906
Vulnerability from csaf_redhat - Published: 2017-10-17 19:42 - Updated: 2026-05-14 22:23Summary
Red Hat Security Advisory: Red Hat Single Sign-On security update
Severity
Moderate
Notes
Topic: Red Hat Single Sign-On 7.1.3 is now available for download from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Single Sign-On 7.1 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. The Node.js adapter provides a simple module for authentication and authorization in Node.js applications.
This release of Red Hat Single Sign-On 7.1.3 serves as a replacement for Red Hat Single Sign-On 7.1.2, and includes several bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section.
Security Fix(es):
* It was found that keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server. (CVE-2017-12158)
* It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible information disclosure or further attacks. (CVE-2017-12159)
* It was found that libpam4j did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information. (CVE-2017-12197)
* It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks. (CVE-2017-12160)
Red Hat would like to thank Mykhailo Stadnyk (Playtech) for reporting CVE-2017-12158; Prapti Mittal for reporting CVE-2017-12159; and Bart Toersche (Simacan) for reporting CVE-2017-12160. The CVE-2017-12197 issue was discovered by Christian Heimes (Red Hat).
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in Jasypt that would allow an attacker to perform a timing attack on password hash comparison.
5.1 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.1
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:jboss_single_sign_on:7.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server.
5.4 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.1
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:jboss_single_sign_on:7.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible information disclosure or further attacks.
5.4 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.1
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:jboss_single_sign_on:7.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks.
CWE-285 - Improper AuthorizationAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.1
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:jboss_single_sign_on:7.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
It was found that libpam4j did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information.
4.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7.1
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:jboss_single_sign_on:7.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
29 references
Acknowledgments
Playtech
Mykhailo Stadnyk
Prapti Mittal
Simacan
Bart Toersche
Red Hat
Christian Heimes
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Single Sign-On 7.1.3 is now available for download from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Single Sign-On 7.1 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. The Node.js adapter provides a simple module for authentication and authorization in Node.js applications.\n\nThis release of Red Hat Single Sign-On 7.1.3 serves as a replacement for Red Hat Single Sign-On 7.1.2, and includes several bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section.\n\nSecurity Fix(es):\n\n* It was found that keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server. (CVE-2017-12158)\n\n* It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible information disclosure or further attacks. (CVE-2017-12159)\n\n* It was found that libpam4j did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information. (CVE-2017-12197)\n\n* It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks. (CVE-2017-12160)\n\nRed Hat would like to thank Mykhailo Stadnyk (Playtech) for reporting CVE-2017-12158; Prapti Mittal for reporting CVE-2017-12159; and Bart Toersche (Simacan) for reporting CVE-2017-12160. The CVE-2017-12197 issue was discovered by Christian Heimes (Red Hat).",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:2906",
"url": "https://access.redhat.com/errata/RHSA-2017:2906"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso\u0026downloadType=securityPatches\u0026version=7.1",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso\u0026downloadType=securityPatches\u0026version=7.1"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.1/html/release_notes/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.1/html/release_notes/"
},
{
"category": "external",
"summary": "1484111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484111"
},
{
"category": "external",
"summary": "1484154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484154"
},
{
"category": "external",
"summary": "1489161",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489161"
},
{
"category": "external",
"summary": "1503103",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503103"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_2906.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Single Sign-On security update",
"tracking": {
"current_release_date": "2026-05-14T22:23:44+00:00",
"generator": {
"date": "2026-05-14T22:23:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2017:2906",
"initial_release_date": "2017-10-17T19:42:35+00:00",
"revision_history": [
{
"date": "2017-10-17T19:42:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-10-17T19:42:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:23:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Single Sign-On 7.1",
"product": {
"name": "Red Hat Single Sign-On 7.1",
"product_id": "Red Hat Single Sign-On 7.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_single_sign_on:7.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Single Sign-On"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-9970",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2017-05-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1455566"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jasypt that would allow an attacker to perform a timing attack on password hash comparison.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jasypt: Vulnerable to timing attack against the password hash comparison",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-9970"
},
{
"category": "external",
"summary": "RHBZ#1455566",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1455566"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-9970",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9970"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-9970",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9970"
}
],
"release_date": "2017-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-10-17T19:42:35+00:00",
"details": "Before applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Single Sign-On 7.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jasypt: Vulnerable to timing attack against the password hash comparison"
},
{
"acknowledgments": [
{
"names": [
"Mykhailo Stadnyk"
],
"organization": "Playtech"
}
],
"cve": "CVE-2017-12158",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2017-08-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1489161"
}
],
"notes": [
{
"category": "description",
"text": "It was found that keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: reflected XSS using HOST header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12158"
},
{
"category": "external",
"summary": "RHBZ#1489161",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489161"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12158",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12158"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12158",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12158"
}
],
"release_date": "2017-10-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-10-17T19:42:35+00:00",
"details": "Before applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat Single Sign-On 7.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: reflected XSS using HOST header"
},
{
"acknowledgments": [
{
"names": [
"Prapti Mittal"
]
}
],
"cve": "CVE-2017-12159",
"cwe": {
"id": "CWE-613",
"name": "Insufficient Session Expiration"
},
"discovery_date": "2017-08-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1484111"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible information disclosure or further attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: CSRF token fixation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12159"
},
{
"category": "external",
"summary": "RHBZ#1484111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12159",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12159"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12159",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12159"
}
],
"release_date": "2017-10-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-10-17T19:42:35+00:00",
"details": "Before applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat Single Sign-On 7.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: CSRF token fixation"
},
{
"acknowledgments": [
{
"names": [
"Bart Toersche"
],
"organization": "Simacan"
}
],
"cve": "CVE-2017-12160",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2017-08-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1484154"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: resource privilege extension via access token in oauth",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12160"
},
{
"category": "external",
"summary": "RHBZ#1484154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12160",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12160"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12160",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12160"
}
],
"release_date": "2017-10-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-10-17T19:42:35+00:00",
"details": "Before applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat Single Sign-On 7.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "keycloak: resource privilege extension via access token in oauth"
},
{
"acknowledgments": [
{
"names": [
"Christian Heimes"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2017-12197",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2017-09-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1503103"
}
],
"notes": [
{
"category": "description",
"text": "It was found that libpam4j did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpam4j: Account check bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12197"
},
{
"category": "external",
"summary": "RHBZ#1503103",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503103"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12197",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12197"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12197",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12197"
}
],
"release_date": "2017-10-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-10-17T19:42:35+00:00",
"details": "Before applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat Single Sign-On 7.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpam4j: Account check bypass"
}
]
}
RHSA-2017:3141
Vulnerability from csaf_redhat - Published: 2017-11-07 17:23 - Updated: 2026-05-14 22:23Summary
Red Hat Security Advisory: rhvm-appliance security, bug fix, and enhancement update
Severity
Important
Notes
Topic: An update for rhvm-appliance is now available for RHEV 4.X RHEV-H and Agents for RHEL-7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal.
The following packages have been upgraded to a later upstream version: rhvm-appliance (20171019.0). (BZ#1496586)
Security Fix(es):
* A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525)
* A vulnerability was found in Jasypt that would allow an attacker to perform a timing attack on password hash comparison. (CVE-2014-9970)
* It was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue(). (CVE-2017-7536)
Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-7525. The CVE-2017-7536 issue was discovered by Gunnar Morling (Red Hat).
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in Jasypt that would allow an attacker to perform a timing attack on password hash comparison.
5.1 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHEV-4-Agents-7:rhvm-appliance-1:4.1.20171102.0-1.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:rhvm-appliance-1:4.1.20171102.0-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Hypervisor-7:rhvm-appliance-1:4.1.20171102.0-1.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Hypervisor-7:rhvm-appliance-1:4.1.20171102.0-1.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
8.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHEV-4-Agents-7:rhvm-appliance-1:4.1.20171102.0-1.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:rhvm-appliance-1:4.1.20171102.0-1.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Hypervisor-7:rhvm-appliance-1:4.1.20171102.0-1.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Hypervisor-7:rhvm-appliance-1:4.1.20171102.0-1.el7.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
It was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().
6.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHEV-4-Agents-7:rhvm-appliance-1:4.1.20171102.0-1.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:rhvm-appliance-1:4.1.20171102.0-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Hypervisor-7:rhvm-appliance-1:4.1.20171102.0-1.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Hypervisor-7:rhvm-appliance-1:4.1.20171102.0-1.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
19 references
Acknowledgments
NSFOCUS
Liao Xinxi
Red Hat
Gunnar Morling
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rhvm-appliance is now available for RHEV 4.X RHEV-H and Agents for RHEL-7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal.\n\nThe following packages have been upgraded to a later upstream version: rhvm-appliance (20171019.0). (BZ#1496586)\n\nSecurity Fix(es):\n\n* A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525)\n\n* A vulnerability was found in Jasypt that would allow an attacker to perform a timing attack on password hash comparison. (CVE-2014-9970)\n\n* It was found that when the security manager\u0027s reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue(). (CVE-2017-7536)\n\nRed Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-7525. The CVE-2017-7536 issue was discovered by Gunnar Morling (Red Hat).",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:3141",
"url": "https://access.redhat.com/errata/RHSA-2017:3141"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1455566",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1455566"
},
{
"category": "external",
"summary": "1462702",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462702"
},
{
"category": "external",
"summary": "1465573",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1465573"
},
{
"category": "external",
"summary": "1496586",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1496586"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3141.json"
}
],
"title": "Red Hat Security Advisory: rhvm-appliance security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2026-05-14T22:23:44+00:00",
"generator": {
"date": "2026-05-14T22:23:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2017:3141",
"initial_release_date": "2017-11-07T17:23:02+00:00",
"revision_history": [
{
"date": "2017-11-07T17:23:02+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-11-07T17:23:02+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:23:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product": {
"name": "Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
},
{
"category": "product_name",
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product": {
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
}
],
"category": "product_family",
"name": "Red Hat Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "rhvm-appliance-1:4.1.20171102.0-1.el7.src",
"product": {
"name": "rhvm-appliance-1:4.1.20171102.0-1.el7.src",
"product_id": "rhvm-appliance-1:4.1.20171102.0-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm-appliance@4.1.20171102.0-1.el7?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rhvm-appliance-1:4.1.20171102.0-1.el7.noarch",
"product": {
"name": "rhvm-appliance-1:4.1.20171102.0-1.el7.noarch",
"product_id": "rhvm-appliance-1:4.1.20171102.0-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm-appliance@4.1.20171102.0-1.el7?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-appliance-1:4.1.20171102.0-1.el7.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:rhvm-appliance-1:4.1.20171102.0-1.el7.noarch"
},
"product_reference": "rhvm-appliance-1:4.1.20171102.0-1.el7.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-appliance-1:4.1.20171102.0-1.el7.src as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:rhvm-appliance-1:4.1.20171102.0-1.el7.src"
},
"product_reference": "rhvm-appliance-1:4.1.20171102.0-1.el7.src",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-appliance-1:4.1.20171102.0-1.el7.noarch as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-1:4.1.20171102.0-1.el7.noarch"
},
"product_reference": "rhvm-appliance-1:4.1.20171102.0-1.el7.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-appliance-1:4.1.20171102.0-1.el7.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-1:4.1.20171102.0-1.el7.src"
},
"product_reference": "rhvm-appliance-1:4.1.20171102.0-1.el7.src",
"relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-9970",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2017-05-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1455566"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jasypt that would allow an attacker to perform a timing attack on password hash comparison.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jasypt: Vulnerable to timing attack against the password hash comparison",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-1:4.1.20171102.0-1.el7.noarch",
"7Server-RHEV-4-Agents-7:rhvm-appliance-1:4.1.20171102.0-1.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-1:4.1.20171102.0-1.el7.noarch",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-1:4.1.20171102.0-1.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-9970"
},
{
"category": "external",
"summary": "RHBZ#1455566",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1455566"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-9970",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9970"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-9970",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9970"
}
],
"release_date": "2017-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-07T17:23:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-1:4.1.20171102.0-1.el7.noarch",
"7Server-RHEV-4-Agents-7:rhvm-appliance-1:4.1.20171102.0-1.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-1:4.1.20171102.0-1.el7.noarch",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-1:4.1.20171102.0-1.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3141"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-1:4.1.20171102.0-1.el7.noarch",
"7Server-RHEV-4-Agents-7:rhvm-appliance-1:4.1.20171102.0-1.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-1:4.1.20171102.0-1.el7.noarch",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-1:4.1.20171102.0-1.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jasypt: Vulnerable to timing attack against the password hash comparison"
},
{
"acknowledgments": [
{
"names": [
"Liao Xinxi"
],
"organization": "NSFOCUS"
}
],
"cve": "CVE-2017-7525",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-06-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1462702"
}
],
"notes": [
{
"category": "description",
"text": "A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of jackson-databind (in Satellite 6.0 and 6.1) and candlepin (which embeds a copy of jackson-databind in Satellite 6.2) as shipped with Red Hat Satellite 6.x. However the affected code is NOT used at this time:\n\nCandlepin currently uses the default type resolution configuration for the ObjectMappers it creates/uses. Nowhere in candlepin do we enable global polymorphic deserialization via enableDefaultTyping(...), therefore based on the documentation sited BZ 1462702 , candlepin should not be affected.\n\nHowever as the vulnerable software ships with the product we have marked them as vulnerable to ensure the issue is tracked.\n\nJBoss EAP 7.x only uses the vulnerable Jackson Databind library for marshalling and unmarshalling of JSON objects passed to JAX-RS webservices. Some advise about how to remain safe when using JAX-RS webservices on JBoss EAP 7.x is available here: \n\nhttps://access.redhat.com/solutions/3279231\n\nAlthough JBoss Fuse ships the vulnerable version of jackson-databind, it does not call on enableDefaultTyping() for any polymorphic deserialization operations which is the root cause of this vulnerability. We have raised a Jira tracker to ensure that jackson-databind will be upgraded for Fuse 7.0, however due to feasibility issues jackson-databind cannot be upgraded in JBoss Fuse 6.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-1:4.1.20171102.0-1.el7.noarch",
"7Server-RHEV-4-Agents-7:rhvm-appliance-1:4.1.20171102.0-1.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-1:4.1.20171102.0-1.el7.noarch",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-1:4.1.20171102.0-1.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7525"
},
{
"category": "external",
"summary": "RHBZ#1462702",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462702"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525"
}
],
"release_date": "2017-07-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-07T17:23:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-1:4.1.20171102.0-1.el7.noarch",
"7Server-RHEV-4-Agents-7:rhvm-appliance-1:4.1.20171102.0-1.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-1:4.1.20171102.0-1.el7.noarch",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-1:4.1.20171102.0-1.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3141"
},
{
"category": "workaround",
"details": "Mitigation to this problem is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true",
"product_ids": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-1:4.1.20171102.0-1.el7.noarch",
"7Server-RHEV-4-Agents-7:rhvm-appliance-1:4.1.20171102.0-1.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-1:4.1.20171102.0-1.el7.noarch",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-1:4.1.20171102.0-1.el7.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-1:4.1.20171102.0-1.el7.noarch",
"7Server-RHEV-4-Agents-7:rhvm-appliance-1:4.1.20171102.0-1.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-1:4.1.20171102.0-1.el7.noarch",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-1:4.1.20171102.0-1.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper"
},
{
"acknowledgments": [
{
"names": [
"Gunnar Morling"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2017-7536",
"discovery_date": "2017-06-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1465573"
}
],
"notes": [
{
"category": "description",
"text": "It was found that when the security manager\u0027s reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate-validator: Privilege escalation when running under the security manager",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-1:4.1.20171102.0-1.el7.noarch",
"7Server-RHEV-4-Agents-7:rhvm-appliance-1:4.1.20171102.0-1.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-1:4.1.20171102.0-1.el7.noarch",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-1:4.1.20171102.0-1.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7536"
},
{
"category": "external",
"summary": "RHBZ#1465573",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1465573"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7536",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7536"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7536",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7536"
}
],
"release_date": "2017-09-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-07T17:23:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-1:4.1.20171102.0-1.el7.noarch",
"7Server-RHEV-4-Agents-7:rhvm-appliance-1:4.1.20171102.0-1.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-1:4.1.20171102.0-1.el7.noarch",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-1:4.1.20171102.0-1.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3141"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-1:4.1.20171102.0-1.el7.noarch",
"7Server-RHEV-4-Agents-7:rhvm-appliance-1:4.1.20171102.0-1.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-1:4.1.20171102.0-1.el7.noarch",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-1:4.1.20171102.0-1.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate-validator: Privilege escalation when running under the security manager"
}
]
}
RHSA-2018:0294
Vulnerability from csaf_redhat - Published: 2018-02-12 17:19 - Updated: 2026-05-14 22:23Summary
Red Hat Security Advisory: Red Hat JBoss Data Grid 7.1.2 security update
Severity
Important
Notes
Topic: Red Hat JBoss Data Grid 7.1.2 is now available for download from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan.
This release of Red Hat JBoss Data Grid 7.1.2 serves as a replacement for Red Hat JBoss Data Grid 7.1.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525)
* It was found that the Hotrod client in Infinispan would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks. (CVE-2017-15089)
* A vulnerability was found in Jasypt that would allow an attacker to perform a timing attack on password hash comparison. (CVE-2014-9970)
Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-7525 and Man Yue Mo (Semmle/lgtm.com) for reporting CVE-2017-15089.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in Jasypt that would allow an attacker to perform a timing attack on password hash comparison.
5.1 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Data Grid 7.1.2
Red Hat / Red Hat JBoss Data Grid
|
cpe:/a:redhat:jboss_data_grid:7.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Data Grid 7.1.2
Red Hat / Red Hat JBoss Data Grid
|
cpe:/a:redhat:jboss_data_grid:7.1
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
It was found that the Hotrod client in Infinispan would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.
8.0 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Data Grid 7.1.2
Red Hat / Red Hat JBoss Data Grid
|
cpe:/a:redhat:jboss_data_grid:7.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
References
21 references
Acknowledgments
NSFOCUS
Liao Xinxi
Semmle/lgtm.com
Man Yue Mo
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Data Grid 7.1.2 is now available for download from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan.\n\nThis release of Red Hat JBoss Data Grid 7.1.2 serves as a replacement for Red Hat JBoss Data Grid 7.1.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525)\n\n* It was found that the Hotrod client in Infinispan would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks. (CVE-2017-15089)\n\n* A vulnerability was found in Jasypt that would allow an attacker to perform a timing attack on password hash comparison. (CVE-2014-9970)\n\nRed Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-7525 and Man Yue Mo (Semmle/lgtm.com) for reporting CVE-2017-15089.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:0294",
"url": "https://access.redhat.com/errata/RHSA-2018:0294"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid\u0026downloadType=distributions\u0026version=7.1.2",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid\u0026downloadType=distributions\u0026version=7.1.2"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_data_grid/7.1/html/7.1.2_release_notes",
"url": "https://docs.redhat.com/en/documentation/red_hat_data_grid/7.1/html/7.1.2_release_notes"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Data_Grid/",
"url": "https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Data_Grid/"
},
{
"category": "external",
"summary": "1455566",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1455566"
},
{
"category": "external",
"summary": "1462702",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462702"
},
{
"category": "external",
"summary": "1503610",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503610"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_0294.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Data Grid 7.1.2 security update",
"tracking": {
"current_release_date": "2026-05-14T22:23:44+00:00",
"generator": {
"date": "2026-05-14T22:23:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2018:0294",
"initial_release_date": "2018-02-12T17:19:54+00:00",
"revision_history": [
{
"date": "2018-02-12T17:19:54+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-12T21:16:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:23:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Data Grid 7.1.2",
"product": {
"name": "Red Hat Data Grid 7.1.2",
"product_id": "Red Hat Data Grid 7.1.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_data_grid:7.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Data Grid"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-9970",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2017-05-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1455566"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jasypt that would allow an attacker to perform a timing attack on password hash comparison.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jasypt: Vulnerable to timing attack against the password hash comparison",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.1.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-9970"
},
{
"category": "external",
"summary": "RHBZ#1455566",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1455566"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-9970",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9970"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-9970",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9970"
}
],
"release_date": "2017-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-02-12T17:19:54+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update).\n\nBefore applying the update, back up your existing Red Hat JBoss Data Grid installation (including databases, configuration files, and so on).",
"product_ids": [
"Red Hat Data Grid 7.1.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0294"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Data Grid 7.1.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jasypt: Vulnerable to timing attack against the password hash comparison"
},
{
"acknowledgments": [
{
"names": [
"Liao Xinxi"
],
"organization": "NSFOCUS"
}
],
"cve": "CVE-2017-7525",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-06-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1462702"
}
],
"notes": [
{
"category": "description",
"text": "A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of jackson-databind (in Satellite 6.0 and 6.1) and candlepin (which embeds a copy of jackson-databind in Satellite 6.2) as shipped with Red Hat Satellite 6.x. However the affected code is NOT used at this time:\n\nCandlepin currently uses the default type resolution configuration for the ObjectMappers it creates/uses. Nowhere in candlepin do we enable global polymorphic deserialization via enableDefaultTyping(...), therefore based on the documentation sited BZ 1462702 , candlepin should not be affected.\n\nHowever as the vulnerable software ships with the product we have marked them as vulnerable to ensure the issue is tracked.\n\nJBoss EAP 7.x only uses the vulnerable Jackson Databind library for marshalling and unmarshalling of JSON objects passed to JAX-RS webservices. Some advise about how to remain safe when using JAX-RS webservices on JBoss EAP 7.x is available here: \n\nhttps://access.redhat.com/solutions/3279231\n\nAlthough JBoss Fuse ships the vulnerable version of jackson-databind, it does not call on enableDefaultTyping() for any polymorphic deserialization operations which is the root cause of this vulnerability. We have raised a Jira tracker to ensure that jackson-databind will be upgraded for Fuse 7.0, however due to feasibility issues jackson-databind cannot be upgraded in JBoss Fuse 6.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.1.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7525"
},
{
"category": "external",
"summary": "RHBZ#1462702",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462702"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525"
}
],
"release_date": "2017-07-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-02-12T17:19:54+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update).\n\nBefore applying the update, back up your existing Red Hat JBoss Data Grid installation (including databases, configuration files, and so on).",
"product_ids": [
"Red Hat Data Grid 7.1.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0294"
},
{
"category": "workaround",
"details": "Mitigation to this problem is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true",
"product_ids": [
"Red Hat Data Grid 7.1.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat Data Grid 7.1.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper"
},
{
"acknowledgments": [
{
"names": [
"Man Yue Mo"
],
"organization": "Semmle/lgtm.com"
}
],
"cve": "CVE-2017-15089",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2017-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1503610"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the Hotrod client in Infinispan would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "infinispan: Unsafe deserialization of malicious object injected into data cache",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.1.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-15089"
},
{
"category": "external",
"summary": "RHBZ#1503610",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503610"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-15089",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15089"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-15089",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15089"
}
],
"release_date": "2018-02-12T15:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-02-12T17:19:54+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update).\n\nBefore applying the update, back up your existing Red Hat JBoss Data Grid installation (including databases, configuration files, and so on).",
"product_ids": [
"Red Hat Data Grid 7.1.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0294"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat Data Grid 7.1.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "infinispan: Unsafe deserialization of malicious object injected into data cache"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…