Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2017:0873
HistoryApr 04, 2017 - 5:08 p.m.

(RHSA-2017:0873) Moderate: Red Hat Single Sign-On 7.1 update on RHEL 7

2017-04-0417:08:47
access.redhat.com
52

EPSS

0.011

Percentile

84.2%

JSON

Red Hat Single Sign-On is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.

This release of Red Hat Single Sign-On 7.1 serves as a replacement for Red Hat Single Sign-On 7.0, and includes several bug fixes and enhancements. For further information regarding those, refer to the Release Notes linked to in the References section.

Security Fix(es):

  • It was found that keycloak did not correctly check permissions when handling service account user deletion requests sent to the REST server. An attacker with service account authentication could use this flaw to bypass normal permissions and delete users in a separate realm. (CVE-2016-8629)

  • It was found that JBoss EAP 7 Header Cache was inefficient. An attacker could use this flaw to cause a denial of service attack. (CVE-2016-9589)

  • It was found that keycloak’s implementation of HMAC verification for JWS tokens uses a method that runs in non-constant time, potentially leaving the application vulnerable to timing attacks. (CVE-2017-2585)

Red Hat would like to thank Gabriel Lavoie (Halogen Software) for reporting CVE-2016-9589 and Richard Kettelerij (Mindloops) for reporting CVE-2017-2585.

OSVersionArchitecturePackageVersionFilename
RedHat7noarchrh-sso7-javapackages-tools< 3.4.1-5.15.3.jbcs.el7rh-sso7-javapackages-tools-3.4.1-5.15.3.jbcs.el7.noarch.rpm
RedHat7noarchrh-sso7-twitter4j-core< 4.0.4-1.redhat_3.1.jbcs.el7rh-sso7-twitter4j-core-4.0.4-1.redhat_3.1.jbcs.el7.noarch.rpm
RedHat7noarchrh-sso7-keycloak< 2.5.5-2.Final_redhat_1.1.jbcs.el7rh-sso7-keycloak-2.5.5-2.Final_redhat_1.1.jbcs.el7.noarch.rpm
RedHat7noarchrh-sso7-zxing-javase< 3.2.1-1.redhat_4.1.jbcs.el7rh-sso7-zxing-javase-3.2.1-1.redhat_4.1.jbcs.el7.noarch.rpm
RedHat7noarchrh-sso7-zxing-core< 3.2.1-1.redhat_4.1.jbcs.el7rh-sso7-zxing-core-3.2.1-1.redhat_4.1.jbcs.el7.noarch.rpm
RedHat7noarchrh-sso7-zxing< 3.2.1-1.redhat_4.1.jbcs.el7rh-sso7-zxing-3.2.1-1.redhat_4.1.jbcs.el7.noarch.rpm
RedHat7x86_64rh-sso7< 1-2.jbcs.el7rh-sso7-1-2.jbcs.el7.x86_64.rpm
RedHat7noarchrh-sso7-freemarker< 2.3.23-1.redhat_2.2.jbcs.el7rh-sso7-freemarker-2.3.23-1.redhat_2.2.jbcs.el7.noarch.rpm
RedHat7noarchrh-sso7-liquibase-core< 3.4.1-2.redhat_2.1.jbcs.el7rh-sso7-liquibase-core-3.4.1-2.redhat_2.1.jbcs.el7.noarch.rpm
RedHat7x86_64rh-sso7-runtime< 1-2.jbcs.el7rh-sso7-runtime-1-2.jbcs.el7.x86_64.rpm
Rows per page:
1-10 of 171

Related

nessus 8
redhat 10
prion 3
redhatcve 3
osv 6
cve 3
cvelist 3
veracode 4
nvd 3
github 3
nessus
nessus
RHEL 6 : Red Hat Single Sign-On 7.1 update on RHEL 6 (Moderate) (RHSA-2017:0872)
2018-09-06 00:00:00
RHEL 7 : Single Sign-On (RHSA-2017:0873)
2018-09-06 00:00:00
RHEL 6 / 7 : JBoss EAP (RHSA-2017:0834)
2018-09-04 00:00:00
redhat
redhat
(RHSA-2017:0872) Moderate: Red Hat Single Sign-On 7.1 update on RHEL 6
2017-04-04 17:08:32
(RHSA-2017:0876) Moderate: Red Hat Single Sign-On 7.1 update
2017-04-04 17:13:48
(RHSA-2017:0830) Moderate: Red Hat JBoss Enterprise Application Platform security update
2017-03-22 17:18:08
prion
prion
Design/Logic Flaw
2018-03-12 15:29:00
Design/Logic Flaw
2018-03-12 15:29:00
Design/Logic Flaw
2018-03-12 15:29:00
redhatcve
redhatcve
CVE-2016-9589
2019-10-08 03:39:37
CVE-2016-8629
2017-04-04 16:47:57
CVE-2017-2585
2017-04-04 16:48:04
osv
osv
CVE-2016-9589
2018-03-12 15:29:00
Red Hat Wildfly DoS
2022-05-13 01:38:28
CVE-2016-8629
2018-03-12 15:29:00
cve
cve
CVE-2016-9589
2018-03-12 15:29:00
CVE-2016-8629
2018-03-12 15:29:00
CVE-2017-2585
2018-03-12 15:29:00
cvelist
cvelist
CVE-2016-9589
2018-03-12 15:00:00
CVE-2016-8629
2018-03-12 15:00:00
CVE-2017-2585
2018-03-12 15:00:00
veracode
veracode
Denial Of Service (DoS)
2018-01-15 06:04:20
User Deletion Via Incorrect Permissions Check
2019-01-15 09:16:48
User Deletion Via Incorrect Permissions Check
2017-04-05 05:16:25
nvd
nvd
CVE-2016-9589
2018-03-12 15:29:00
CVE-2016-8629
2018-03-12 15:29:00
CVE-2017-2585
2018-03-12 15:29:00
github
github
Red Hat Wildfly DoS
2022-05-13 01:38:28
Moderate severity vulnerability that affects org.keycloak:keycloak-core
2018-10-18 16:48:01
keycloak-core vulnerable to timing attacks against JWS token verification
2018-10-18 16:47:41

EPSS

0.011

Percentile

84.2%

JSON
Related for RHSA-2017:0873
nessus8redhat10prion3redhatcve3osv6cve3cvelist3veracode4nvd3github3