Security Advisory

OpenAM Security Advisory #201404

Last updated Jul 9, 2018

A security vulnerability has been discovered in the OpenAM Core Server.



November 5, 2014


This advisory provides guidance on securing affected deployments.

The severity of the issue in this advisory is Critical. Deployers should take immediate steps as outlined in this advisory and apply the patch at the earliest opportunity.

Patch bundles are available through BackStage for the following versions:

  • 9.5.5
  • 10.0.0
  • 10.0.2
  • 11.0.0
  • 11.0.2

Issue #201404-01: Denial of Service vulnerability - CVE-2014-7246

Product OpenAM
Affected versions  9.5.3-9.5.5, 10.0.0-10.0.2, 10.1.0-Xpress, 11.0.0-11.0.2
Fixed versions N/A
Component Core Server, Server Only
Severity Critical
Issue Tracker ID OPENAM-4794

Description:

In environments where more than one OpenAM server has been configured, an authenticated attacker can construct and send a single request that triggers an infinite loop, tying up one or more instances in the deployment until the affected instances are restarted.

Workaround:

No workaround available.

Resolution:

Deploy the relevant patch bundle.



Copyright © 2018 ForgeRock, all rights reserved.