Vulnerability Finding Name: Red Hat Keycloak Quarkus Server Unspecified HTTP Metrics Handling Resource Consumption Remote DoS
Discussion: Red Hat Keycloak contains an unspecified flaw related to handling HTTP metrics in the Quarkus Server component. This may allow an authenticated remote attacker to consume excessive resources leading to service disruption for all legitimate users.
For more information regarding this CVE, as well as patch and remediation details, the following resources are recommended:
https://web.nvd.nist.gov/view/vuln/search
https://www.cvedetails.com/
https://cve.mitre.org/
https://www.google.com/
Any vendor-specific sites or documentation
Red Hat [Keycloak (Unspecified)]
CVE-2024-11735
CVSS Score: 4.0
All supported releases of Service Virtualization
This CVE has been rejected by Red Hat Product Security, which determined that it does not fit Red Hat's vulnerability management policies.
"Red Hat Product Security has evaluated this issue and determined that it does not meet the criteria to be classified as a security vulnerability. This assessment is based on the issue not posing a significant security risk, being a result of misconfiguration or usage error, or falling outside the scope of security considerations."
The full Red Hat response can be found at https://access.redhat.com/security/cve/cve-2024-11735.