Keycloak is prone to a security-bypass vulnerability.
An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks.
Information
Bugtraq ID: 97392
Class: Design Error
CVE: CVE-2016-8629
Remote: Yes
Local: No
Published: Apr 04 2017 12:00AM
Updated: Apr 18 2017 01:04AM
Credit: Chess Hazlett

Vulnerable:
Redhat Single Sign-On 7.1 for RHEL 7 Serve
  + Redhat Linux 6.2 E sparc
  + Redhat Linux 6.2 E i386
  + Redhat Linux 6.2 E alpha
  + Redhat Linux 6.2 sparc
  + Redhat Linux 6.2 i386
  + Redhat Linux 6.2 alpha
Redhat Single Sign-On 7.1 for RHEL 6 Serve
  + Redhat Linux 6.2 E sparc
  + Redhat Linux 6.2 E i386
  + Redhat Linux 6.2 E alpha
  + Redhat Linux 6.2 sparc
  + Redhat Linux 6.2 i386
  + Redhat Linux 6.2 alpha
Redhat Single Sign-On 7.1
  + Redhat Linux 6.2 E sparc
  + Redhat Linux 6.2 E i386
  + Redhat Linux 6.2 E alpha
  + Redhat Linux 6.2 sparc
  + Redhat Linux 6.2 i386
  + Redhat Linux 6.2 alpha
Redhat Single Sign-On 7.0 for RHEL 7 Serve
  + Redhat Linux 6.2 E sparc
  + Redhat Linux 6.2 E i386
  + Redhat Linux 6.2 E alpha
  + Redhat Linux 6.2 sparc
  + Redhat Linux 6.2 i386
  + Redhat Linux 6.2 alpha
Redhat Single Sign-On 7.0 for RHEL 6 Serve
  + Redhat Linux 6.2 E sparc
  + Redhat Linux 6.2 E i386
  + Redhat Linux 6.2 E alpha
  + Redhat Linux 6.2 sparc
  + Redhat Linux 6.2 i386
  + Redhat Linux 6.2 alpha
Redhat Single Sign-On 7.0
  + Redhat Linux 6.2 E sparc
  + Redhat Linux 6.2 E i386
  + Redhat Linux 6.2 E alpha
  + Redhat Linux 6.2 sparc
  + Redhat Linux 6.2 i386
  + Redhat Linux 6.2 alpha
Redhat keycloak 0

Not Vulnerable:
Redhat Single Sign-On 7.1 for RHEL 6 Server 0
Redhat Single Sign-On 7.1 for RHEL 7 Serve
  + Redhat Linux 6.2 E sparc
  + Redhat Linux 6.2 E i386
  + Redhat Linux 6.2 E alpha
  + Redhat Linux 6.2 sparc
  + Redhat Linux 6.2 i386
  + Redhat Linux 6.2 alpha
Redhat Single Sign-On 7.1
  + Redhat Linux 6.2 E sparc
  + Redhat Linux 6.2 E i386
  + Redhat Linux 6.2 E alpha
  + Redhat Linux 6.2 sparc
  + Redhat Linux 6.2 i386
  + Redhat Linux 6.2 alpha