CVE-2020-14359 - log back

CVE-2020-14359 edited at 19 Jan 2021 13:23:03
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Insufficient validation
Description
+ A vulnerability was found in keycloak, where on using lower case HTTP headers (via cURL) a Gatekeeper can be bypassed. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when putting a Gatekeeper in front of a Jetty server and using lowercase headers.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1868591
+ https://issues.jboss.org/browse/KEYCLOAK-14090
CVE-2020-14359 created at 19 Jan 2021 13:18:06
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes