---

CVE-2020-14359 - log back

CVE-2020-14359 edited at 19 Jan 2021 13:23:03
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Insufficient validation
Description	+ A vulnerability was found in keycloak, where on using lower case HTTP headers (via cURL) a Gatekeeper can be bypassed. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when putting a Gatekeeper in front of a Jetty server and using lowercase headers.
References	+ https://bugzilla.redhat.com/show_bug.cgi?id=1868591 + https://issues.jboss.org/browse/KEYCLOAK-14090

CVE-2020-14359 created at 19 Jan 2021 13:18:06
Severity	+ Unknown
Remote	+ Unknown
Type	+ Unknown
Description
References
Notes