{}

{}

{}

{"bugzilla": {"description": "org.keycloak:keycloak-quarkus-server: HTTP Metrics explosion", "id": "2328849", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328849"}, "csaw": false, "cwe": "CWE-770", "details": ["[REJECTED CVE] A potential Denial of Service (DoS) vulnerability has been identified in Keycloak, which could allow any unauthorized user to disrupt the service. An attacker exploiting this issue can cause the Keycloak server to become unresponsive or crash, leading to service disruption for all legitimate users."], "name": "CVE-2024-11735", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Under investigation", "package_name": "org.keycloak/keycloak-quarkus-server", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}], "public_date": "2025-03-28T19:36:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-11735\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-11735"], "statement": "Red Hat Product Security has evaluated this issue and determined that it does not meet the criteria to be classified as a security vulnerability. This assessment is based on the issue not posing a significant security risk, being a result of misconfiguration or usage error, or falling outside the scope of security considerations. \nAs such, this CVE has been marked as \"Rejected\" in alignment with Red Hat's vulnerability management policies.\nIf you have additional information or concerns regarding this determination, please contact Red Hat Product Security for further clarification."}