Vulnerability Details : CVE-2017-12158
It was found that Keycloak would accept a URL supplied in the HTTP Host header of requests to the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2017-12158
- cpe:2.3:a:redhat:single_sign_on:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:single_sign_on:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:keycloak:keycloak:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-12158
- EPSS score: 0.17% (probability of exploitation activity in the next 30 days)
- Percentile: ~54% (the proportion of vulnerabilities that are scored at or below this value)
CVSS scores for CVE-2017-12158
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N | 6.8 | 2.9 | NIST |
5.4 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 | NIST |
CWE ids for CVE-2017-12158
- CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
- CWE-444: The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination. Assigned by: secalert@redhat.com (Secondary)
References for CVE-2017-12158
- https://access.redhat.com/errata/RHSA-2017:2905 - RHSA-2017:2905 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2017:2904 - RHSA-2017:2904 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2017:2906 - RHSA-2017:2906 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1489161 - 1489161 (CVE-2017-12158) keycloak: reflected XSS using HOST header (Issue Tracking)
- http://www.securityfocus.com/bid/101618 - JBoss KeyCloak CVE-2017-12158 Cross Site Scripting Vulnerability (Third Party Advisory; VDB Entry)