Medium severity (6.5) · NVD Advisory · Published Jul 26, 2018 · Updated Jun 17, 2026
CVE-2017-2582
Description
It was found that, while parsing SAML messages, the StaxParserUtil class of Keycloak before 2.5.1 replaces special strings used for obtaining attribute values with the values of system properties. This could allow an attacker to determine the values of system properties on the attacked system by setting the SAML request ID field to the chosen system property, whose value could then be obtained from the "InResponseTo" field in the response.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.keycloak:keycloak-core (Maven) | < 2.5.1 | 2.5.1 |
References
- bugzilla.redhat.com/show_bug.cgi (NVD: Issue Tracking, Patch, Vendor Advisory)
- github.com/keycloak/keycloak/pull/3715/commits/0cb5ba0f6e83162d221681f47b470c3042eef237 (NVD: Patch, Third Party Advisory)
- www.securityfocus.com/bid/101046 (NVD: Third Party Advisory, VDB Entry)
- www.securitytracker.com/id/1041707 (NVD: Third Party Advisory, VDB Entry)
- access.redhat.com/errata/RHSA-2017:2808 (NVD: Vendor Advisory)
- access.redhat.com/errata/RHSA-2017:2809 (NVD: Vendor Advisory)
- access.redhat.com/errata/RHSA-2017:2810 (NVD: Vendor Advisory)
- access.redhat.com/errata/RHSA-2017:2811 (NVD: Vendor Advisory)
- access.redhat.com/errata/RHSA-2017:3216 (NVD: Vendor Advisory)
- access.redhat.com/errata/RHSA-2017:3217 (NVD: Vendor Advisory)
- access.redhat.com/errata/RHSA-2017:3218 (NVD: Vendor Advisory)
- access.redhat.com/errata/RHSA-2017:3219 (NVD: Vendor Advisory)
- access.redhat.com/errata/RHSA-2017:3220 (NVD: Vendor Advisory)
- access.redhat.com/errata/RHSA-2018:2740 (NVD: Vendor Advisory)
- access.redhat.com/errata/RHSA-2018:2741 (NVD: Vendor Advisory)
- access.redhat.com/errata/RHSA-2018:2742 (NVD: Vendor Advisory)
- access.redhat.com/errata/RHSA-2018:2743 (NVD: Vendor Advisory)
- github.com/advisories/GHSA-c77r-6f64-478q (GHSA: Advisory)
- nvd.nist.gov/vuln/detail/CVE-2017-2582 (GHSA: Advisory)
- access.redhat.com/errata/RHSA-2019:0136 (NVD)
- access.redhat.com/errata/RHSA-2019:0137 (NVD)
- access.redhat.com/errata/RHSA-2019:0139 (NVD)