CVE-2017-2582: Infoleak
First published: Thu Jan 05 2017(Updated: )
It was found that Picketlink implementation replaces special strings for obtaining attribute values with system property values in SAML messages while parsing. An attacker can misuse this to determine values of system properties at the attacked system by formatting the SAML request ID field to the chosen system property name of his liking, obtaining the property value in "InResponseTo" field in the response. Upstream bug (for Keycloak): <a href="https://issues.jboss.org/browse/KEYCLOAK-4160">https://issues.jboss.org/browse/KEYCLOAK-4160</a>
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/org.keycloak:keycloak-core | <2.5.1 | 2.5.1 |
| Redhat Keycloak | <2.5.1 | |
| Redhat Jboss Enterprise Application Platform | =6.0.0 | |
| Redhat Jboss Enterprise Application Platform | =6.4.0 | |
| Redhat Jboss Enterprise Application Platform | =7.0.0 | |
| Redhat Jboss Enterprise Application Platform | =7.1.0 | |
| Redhat Enterprise Linux | =5.0 | |
| Redhat Enterprise Linux | =6.0 | |
| Redhat Enterprise Linux | =7.0 |
Remedy
https://github.com/keycloak/keycloak/pull/3715/commits/0cb5ba0f6e83162d221681f47b470c3042eef237
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2017-2582
- https://github.com/advisories/GHSA-c77r-6f64-478q (Advisory)
- http://www.securityfocus.com/bid/101046
- http://www.securitytracker.com/id/1041707
- https://access.redhat.com/errata/RHSA-2017:2808
- https://access.redhat.com/errata/RHSA-2017:2809
- https://access.redhat.com/errata/RHSA-2017:2810
- https://access.redhat.com/errata/RHSA-2017:2811
- https://access.redhat.com/errata/RHSA-2017:3216
- https://access.redhat.com/errata/RHSA-2017:3217
- https://access.redhat.com/errata/RHSA-2017:3218
- https://access.redhat.com/errata/RHSA-2017:3219
- https://access.redhat.com/errata/RHSA-2017:3220
- https://access.redhat.com/errata/RHSA-2018:2740
- https://access.redhat.com/errata/RHSA-2018:2741
- https://access.redhat.com/errata/RHSA-2018:2742
- https://access.redhat.com/errata/RHSA-2018:2743
- https://access.redhat.com/errata/RHSA-2019:0136
- https://access.redhat.com/errata/RHSA-2019:0137
- https://access.redhat.com/errata/RHSA-2019:0139
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2582
- https://github.com/keycloak/keycloak/pull/3715/commits/0cb5ba0f6e83162d221681f47b470c3042eef237
- collector/github-advisory-latest
- alias/GHSA-c77r-6f64-478q
- alias/CVE-2017-2582
- collector/github-advisory
- collector/nvd-index
- collector/nvd-cve
- agent/type
- agent/author
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- agent/references
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/description
- agent/event
- agent/trending
- package-manager/maven
- vendor/redhat
- canonical/redhat keycloak
- canonical/redhat jboss enterprise application platform
- version/redhat jboss enterprise application platform/6.0.0
- version/redhat jboss enterprise application platform/6.4.0
- version/redhat jboss enterprise application platform/7.0.0
- version/redhat jboss enterprise application platform/7.1.0
- canonical/redhat enterprise linux
- version/redhat enterprise linux/5.0
- version/redhat enterprise linux/6.0
- version/redhat enterprise linux/7.0