CVE-2018-12540

2018-07-12T18:19:11
ID RH:CVE-2018-12540
Type redhatcve
Reporter redhat.com
Modified 2020-08-18T10:26:46

Description

In versions 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler does not assert that the XSRF cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens that have not yet expired.
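
The gap described above, as an added sketch in plain Java (not Vert.x code and not the project's fix): a check that validates only the token's signature and age, next to one that also compares the submitted value with the request's cookie. The token layout, secret, timeout and every name here are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
public class CsrfBindingDemo {
    // Assumed token layout (not taken from Vert.x): nonce.issuedAtMillis.hmac
    static final byte[] SECRET = "constructed-demo-secret".getBytes(StandardCharsets.UTF_8);
    static final long TIMEOUT_MS = 30 * 60 * 1000L;
    static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();

    static String sign(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(SECRET, "HmacSHA256"));
        return B64.encodeToString(mac.doFinal(data.getBytes(StandardCharsets.UTF_8)));
    }

    static String issue(long now) throws Exception {
        byte[] nonce = new byte[16];
        new SecureRandom().nextBytes(nonce);
        String body = B64.encodeToString(nonce) + "." + now;
        return body + "." + sign(body);
    }

    static boolean sameValue(String a, String b) { // constant-time comparison
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8));
    }

    // Weak form: signature valid and token unexpired; the cookie is never consulted.
    static boolean signedAndFresh(String token, long now) throws Exception {
        String[] p = token == null ? new String[0] : token.split("\\.");
        if (p.length != 3 || !p[1].matches("\\d{1,18}")) return false;
        long age = now - Long.parseLong(p[1]);
        return sameValue(sign(p[0] + "." + p[1]), p[2]) && age >= 0 && age <= TIMEOUT_MS;
    }

    // Strict form: the submitted header/form value must also equal the request's cookie.
    static boolean strictCheck(String cookie, String submitted, long now) throws Exception {
        return cookie != null && signedAndFresh(submitted, now) && sameValue(cookie, submitted);
    }

    public static void main(String[] args) throws Exception {
        long t0 = 1_000_000L, now = t0 + 120_000L; // constructed timestamps
        String older = issue(t0), cookie = issue(t0 + 60_000L);
        System.out.println("weak,   older token:    " + signedAndFresh(older, now));
        System.out.println("strict, older token:    " + strictCheck(cookie, older, now));
        System.out.println("strict, matching token: " + strictCheck(cookie, cookie, now));
    }
}
```

The older token passes the weak check because it is still correctly signed and unexpired; the strict check rejects it because it differs from the cookie sent with the request.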