CVE-2016-8627

admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired.

Database specific

{
    "unresolved_ranges": [
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "6.4.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "7.1.0"
                }
            ]
        }
    ]
}

References

Affected packages

Git / github.com/keycloak/keycloak

Affected ranges

Type

GIT

Repo

https://github.com/keycloak/keycloak

Events

Introduced

Last affected

e6a274ea0e31c6572e795f3372f006c88122539b

Database specific

{
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.0"
        }
    ]
}

Affected versions

1.*

1.0-alpha-1

1.0-alpha-1-12062013

1.0-alpha-2

1.0-alpha-3

1.0-beta-1

1.0-beta-2

1.0-beta-4

1.0-final

1.0-rc-1

1.0.0.Final

1.1.0.Beta2

1.3.0.Final

2.*

2.4.0.Test

7.*

7.0.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-8627.json"