CVE-2017-7474
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2017-7474
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对函数返回值的检查不正确
Source: NVD (National Vulnerability Database)
Vulnerability Title
Red Hat Keycloak Node.js adapter 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Red Hat Keycloak Node.js adapter美国红帽(Red Hat)公司的一套开源的用于现代应用和服务中的身份验证和访问管理软件中的Node.js适配器。 Red Hat Keycloak Node.js adapter 2.5版本至3.0版本中存在安全漏洞,该漏洞源于程序没有正确的处理无效的令牌。攻击者可利用该漏洞绕过身份验证,获取被限制信息的访问权限。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Red Hat, Inc. | Keycloak Node.js adapter | 2.5 - 3.0 | - |
II. Public POCs for CVE-2017-7474
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2017-7474
Please Login to view more intelligence information
- https://bugzilla.redhat.com/show_bug.cgi?id=1445271x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2017-7474
IV. Related Vulnerabilities
Same weakness: CWE-253
- CVE-2026-43863
mutt<2.3.2 crypt-gpg.c无限循环漏洞 - CVE-2026-35340
uutils coreutils chown and chgrp False Success Exit Code in - CVE-2026-35339
uutils coreutils chmod False Success Exit Code in Recursive - CVE-2026-35091
Corosync: corosync: denial of service and information disclo - CVE-2026-0648
Eclipse ThreadX USBX 安全漏洞
V. Comments for CVE-2017-7474
No comments yet