CVE-2024-11734

A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to disrupt the service. This action is done by modifying any of the security headers and inserting newlines, which causes the Keycloak server to write to a request that has already been terminated, leading to the failure of said request.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2025:0299
https://access.redhat.com/errata/RHSA-2025:0300
https://access.redhat.com/security/cve/CVE-2024-11734
https://bugzilla.redhat.com/show_bug.cgi?id=2328846

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Se encontró una vulnerabilidad de denegación de servicio en Keycloak que podría permitir que un usuario administrativo con derecho a cambiar la configuración del dominio interrumpa el servicio. Esta acción se realiza modificando cualquiera de los encabezados de seguridad e insertando nuevas líneas, lo que hace que el servidor de Keycloak escriba en una solicitud que ya se ha finalizado, lo que provoca el fracaso de dicha solicitud.

14 Jan 2025, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-14 09:15

Updated : 2026-04-15 00:35

NVD link : CVE-2024-11734

Mitre link : CVE-2024-11734

CVE.ORG link : CVE-2024-11734

JSON object : View

Products Affected

No product.

CWE

CWE-693

Protection Mechanism Failure

6.5 /10