CVE-2020-14359 log
| Source |
|
| Severity | Medium |
| Remote | Yes |
| Type | Insufficient validation |
| Description | A vulnerability was found in keycloak, where on using lower case HTTP headers (via cURL) a Gatekeeper can be bypassed. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when putting a Gatekeeper in front of a Jetty server and using lowercase headers. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1332 | keycloak | 15.0.2-1 | 16.0.0-1 | High | Fixed |
| References |
|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1868591 https://issues.jboss.org/browse/KEYCLOAK-14090 |