{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-07T05:50:09.943","vulnerabilities":[{"cve":{"id":"CVE-2024-9666","sourceIdentifier":"secalert@redhat.com","published":"2024-11-25T08:15:10.943","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service (DoS) attack due to improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated identifiers, without proper validation. This issue can lead to costly DNS resolution operations, which an attacker could exploit to tie up IO threads and potentially cause a denial of service.\nThe attacker must have access to send requests to a Keycloak instance that is configured to accept proxy headers, specifically when reverse proxies do not overwrite incoming headers, and Keycloak is configured to trust these headers."},{"lang":"es","value":"Se encontró una vulnerabilidad en el servidor Keycloak. El servidor Keycloak es vulnerable a un ataque de denegación de servicio (DoS) debido al manejo inadecuado de los encabezados de proxy. Cuando Keycloak está configurado para aceptar encabezados de proxy entrantes, puede aceptar valores que no sean IP, como identificadores ofuscados, sin una validación adecuada. Este problema puede generar costosas operaciones de resolución de DNS, que un atacante podría aprovechar para bloquear subprocesos de E/S y potencialmente causar una denegación de servicio. El atacante debe tener acceso para enviar solicitudes a una instancia de Keycloak que esté configurada para aceptar encabezados de proxy, específicamente cuando los servidores proxy inversos no sobrescriben los encabezados entrantes y Keycloak está configurado para confiar en estos encabezados."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":3.6}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-444"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2024:10175","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:10176","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:10177","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:10178","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2024-9666","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2317440","source":"secalert@redhat.com"}]}}]}