CVE-2017-2582

keycloak: SAML request parser replaces special strings with system properties

Severity Score

6.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the "InResponseTo" field in the response.

Se ha descubierto que cuando se analizan los mensajes SAML, la clase StaxParserUtil de keycloak en versiones anteriores a la 2.5.1 reemplaza cadenas especiales para obtener valores de atributos con la propiedad del sistema. Esto podría permitir que un atacante determine valores de las propiedades del sistema en el sistema atacado formateando el campo ID de petición SAML para que sea la propiedad del sistema elegida, la cual se puede obtener en el campo "InResponseTO" en la respuesta.

It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the "InResponseTo" field in the response.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-12-01 CVE Reserved
2017-09-26 CVE Published
2023-12-17 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-201: Insertion of Sensitive Information Into Sent Data

CAPEC

References (22)

URL	Tag	Source
http://www.securityfocus.com/bid/101046	Third Party Advisory
http://www.securitytracker.com/id/1041707	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2582	2019-01-23
https://github.com/keycloak/keycloak/pull/3715/commits/0cb5ba0f6e83162d221681f47b470c3042eef237	2019-01-23

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2017:2808	2019-01-23
https://access.redhat.com/errata/RHSA-2017:2809	2019-01-23
https://access.redhat.com/errata/RHSA-2017:2810	2019-01-23
https://access.redhat.com/errata/RHSA-2017:2811	2019-01-23
https://access.redhat.com/errata/RHSA-2017:3216	2019-01-23
https://access.redhat.com/errata/RHSA-2017:3217	2019-01-23
https://access.redhat.com/errata/RHSA-2017:3218	2019-01-23
https://access.redhat.com/errata/RHSA-2017:3219	2019-01-23
https://access.redhat.com/errata/RHSA-2017:3220	2019-01-23
https://access.redhat.com/errata/RHSA-2018:2740	2019-01-23
https://access.redhat.com/errata/RHSA-2018:2741	2019-01-23
https://access.redhat.com/errata/RHSA-2018:2742	2019-01-23
https://access.redhat.com/errata/RHSA-2018:2743	2019-01-23
https://access.redhat.com/errata/RHSA-2019:0136	2019-01-23
https://access.redhat.com/errata/RHSA-2019:0137	2019-01-23
https://access.redhat.com/errata/RHSA-2019:0139	2019-01-23
https://access.redhat.com/security/cve/CVE-2017-2582	2019-01-22
https://bugzilla.redhat.com/show_bug.cgi?id=1410481	2019-01-22

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"	Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform"	6.0.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "6.0.0"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	5.0 Search vendor "Redhat" for product "Enterprise Linux" and version "5.0"	-	Safe
Redhat Search vendor "Redhat"	Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform"	6.0.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "6.0.0"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	6.0 Search vendor "Redhat" for product "Enterprise Linux" and version "6.0"	-	Safe
Redhat Search vendor "Redhat"	Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform"	6.0.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "6.0.0"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0"	-	Safe
Redhat Search vendor "Redhat"	Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform"	6.4.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "6.4.0"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	5.0 Search vendor "Redhat" for product "Enterprise Linux" and version "5.0"	-	Safe
Redhat Search vendor "Redhat"	Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform"	6.4.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "6.4.0"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	6.0 Search vendor "Redhat" for product "Enterprise Linux" and version "6.0"	-	Safe
Redhat Search vendor "Redhat"	Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform"	6.4.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "6.4.0"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0"	-	Safe
Redhat Search vendor "Redhat"	Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform"	7.0.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "7.0.0"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	5.0 Search vendor "Redhat" for product "Enterprise Linux" and version "5.0"	-	Safe
Redhat Search vendor "Redhat"	Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform"	7.0.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "7.0.0"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	6.0 Search vendor "Redhat" for product "Enterprise Linux" and version "6.0"	-	Safe
Redhat Search vendor "Redhat"	Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform"	7.0.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "7.0.0"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0"	-	Safe
Redhat Search vendor "Redhat"	Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform"	7.1.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "7.1.0"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	5.0 Search vendor "Redhat" for product "Enterprise Linux" and version "5.0"	-	Safe
Redhat Search vendor "Redhat"	Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform"	7.1.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "7.1.0"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	6.0 Search vendor "Redhat" for product "Enterprise Linux" and version "6.0"	-	Safe
Redhat Search vendor "Redhat"	Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform"	7.1.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "7.1.0"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0"	-	Safe
Redhat Search vendor "Redhat"		Keycloak Search vendor "Redhat" for product "Keycloak"				< 2.5.1 Search vendor "Redhat" for product "Keycloak" and version " < 2.5.1"		-		Affected