Search for vulnerabilities
Vulnerability details: VCID-prd7-wjzq-aaar
Vulnerability ID VCID-prd7-wjzq-aaar
Aliases CVE-2017-12159
GHSA-7fmw-85qm-h22p
Summary CVE-2017-12159 keycloak: CSRF token fixation
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-613 Insufficient Session Expiration
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-352 Cross-Site Request Forgery (CSRF)
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1 6.5 https://access.redhat.com/errata/RHSA-2017:2904
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2017:2904
cvssv3.1 6.5 https://access.redhat.com/errata/RHSA-2017:2905
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2017:2905
cvssv3.1 6.5 https://access.redhat.com/errata/RHSA-2017:2906
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2017:2906
cvssv3 5.4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12159.json
epss 0.00289 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.00289 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.00289 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.00289 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.00322 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.00322 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.00322 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.00322 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.00322 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.00322 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.00322 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.00322 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.00322 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.00322 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.00322 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01452 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01452 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01452 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01452 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01452 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01452 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01452 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01452 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01452 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01452 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01452 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01452 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01452 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01452 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01452 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01452 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01452 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01452 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01452 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01452 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01452 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01452 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01452 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01452 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01452 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01452 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01452 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01452 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01452 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01452 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01452 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01452 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01529 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01529 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01529 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01529 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01529 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01529 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01529 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01529 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01529 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01529 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01529 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01529 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01529 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01529 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01529 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01529 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01529 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01529 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01529 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01529 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01529 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01529 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01529 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01529 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01529 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01529 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01529 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01529 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01529 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01529 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01529 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01529 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01529 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01529 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01529 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
epss 0.01912 https://api.first.org/data/v1/epss?cve=CVE-2017-12159
cvssv3.1 7.5 https://bugzilla.redhat.com/show_bug.cgi?id=1484111
generic_textual HIGH https://bugzilla.redhat.com/show_bug.cgi?id=1484111
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-7fmw-85qm-h22p
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2017-12159
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2017-12159
cvssv3.1 7.5 https://web.archive.org/web/20210124113906/http://www.securityfocus.com/bid/101601
generic_textual HIGH https://web.archive.org/web/20210124113906/http://www.securityfocus.com/bid/101601
Reference id Reference type URL
https://access.redhat.com/errata/RHSA-2017:2904
https://access.redhat.com/errata/RHSA-2017:2905
https://access.redhat.com/errata/RHSA-2017:2906
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12159.json
https://api.first.org/data/v1/epss?cve=CVE-2017-12159
https://bugzilla.redhat.com/show_bug.cgi?id=1484111
https://github.com/keycloak/keycloak/commit/9b75b603e3a5f5ba6deff13cbb45b070bf2d2239
https://web.archive.org/web/20210124113906/http://www.securityfocus.com/bid/101601
http://www.securityfocus.com/bid/101601
cpe:2.3:a:keycloak:keycloak:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keycloak:keycloak:-:*:*:*:*:*:*:*
CVE-2017-12159 https://nvd.nist.gov/vuln/detail/CVE-2017-12159
GHSA-7fmw-85qm-h22p https://github.com/advisories/GHSA-7fmw-85qm-h22p
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2017:2904
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2017:2905
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2017:2906
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12159.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=1484111
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2017-12159
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2017-12159
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://web.archive.org/web/20210124113906/http://www.securityfocus.com/bid/101601
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.68511
EPSS Score 0.00289
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.