RH-SSO handles empty POST data incorrectly while invoking admin REST interfaces

Solution Verified

Issue

  • When making POST requests to the /users and /groups REST interfaces with empty data, RH-SSO returns HTTP/1.1 500 Internal server error.

  • RH-SSO currently throws an uncaught java.lang.NullPointerException when the admin REST interfaces are invoked with empty POST data, which is not just extremely bad programming style but also a sign of unwanted side effects.

  • RH-SSO is vulnerable to bad requests with no or empty POST data.

Environment

  • Red Hat Single Sign-On (RH-SSO)
    • 7.x
