72 matches found

RedhatCVE
added 2026/01/16 6:16 p.m., 6 views

CVE-2026-1002

A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response. Mitigation To mitigate this...

CVSS 6.9 | AI score 6.6 | EPSS 0.00025
Exploits: 1 | References: 4

Tenable Nessus
added 2026/01/16 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-1002

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request UR...

CVSS 6.9 | AI score 5.5 | EPSS 0.00025
Exploits: 1 | References: 2

Snyk
added 2026/01/15 9:31 p.m., 4 views

HTTP Request Smuggling

Overview io.vertx:vertx-core is a tool-kit for building reactive applications on the JVM. Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper handling of / in the output buffer by removeDots function in Static Handler. An attacker can prevent access to stati...

CVSS 6.9 | AI score 7 | EPSS 0.00025
Exploits: 1 | References: 2

Github Security Blog
added 2026/01/15 9:31 p.m., 9 views

Vert.x Web static handler component cache can be manipulated to deny the access to static files

The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component used b...

CVSS 6.9 | AI score 6.8 | EPSS 0.00025
Exploits: 1 | References: 7 | Affected Software: 1

OSV
added 2026/01/15 9:31 p.m., 1 views

GHSA-CPHF-4846-3XX9 Vert.x Web static handler component cache can be manipulated to deny the access to static files

The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component used b...

CVSS 6.9 | AI score 5.8 | EPSS 0.00025
Exploits: 1 | References: 7

NVD
added 2026/01/15 9:16 p.m., 2 views

CVE-2026-1002

The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component used b...

CVSS 6.9 | EPSS 0.00025
Exploits: 1 | References: 2

OSV
added 2026/01/15 9:16 p.m., 3 views

CVE-2026-1002

The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component used b...

CVSS 5.3 | AI score 5.8
Exploits: 0 | References: 2

ATTACKERKB
added 2026/01/15 8:50 p.m., 4 views

CVE-2026-1002

The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component used b...

CVSS 6.9 | AI score 5.5 | EPSS 0.00025
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2026/01/15 8:50 p.m., 18 views

CVE-2026-1002

CVE-2026-1002 affects the Vert.x Web static handler cache. The issue stems from an improper implementation of the RFC3986 C-rule (section 5.2.4), enabling an attacker to craft a URI (e.g., bar%2F..%2F) that can cause denial of access to static files served by the handler. Connected evidence indic...

CVSS 6.9 | AI score 6.4 | EPSS 0.00025
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2026/01/15 8:50 p.m., 16 views

CVE-2026-1002 Eclipse Vert.x Web static handler file access denial

The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component used b...

CVSS 6.9 | EPSS 0.00025
Exploits: 1 | References: 1

Vulnrichment
added 2026/01/15 8:50 p.m., 3 views

CVE-2026-1002 Eclipse Vert.x Web static handler file access denial

The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component used b...

CVSS 6.9 | AI score 6.4 | EPSS 0.00025
Exploits: 1 | References: 1

EUVD
added 2026/01/15 8:50 p.m., 2 views

EUVD-2026-2695

The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component used b...

CVSS 6.9 | AI score 6.2 | EPSS 0.00025
Exploits: 1 | References: 2

Positive Technologies
added 2026/01/15 12:0 a.m., 7 views

PT-2026-3133

Name of the Vulnerable Software and Affected Versions: Vert.x (affected versions not specified). Description: The Vert.x Web static handler component cache can be manipulated to deny access to static files served by the handler using specifically crafted request URIs. This is due to an improp...

CVSS 6.9 | AI score 5.9 | EPSS 0.00025
Exploits: 1 | References: 13

OSV
added 2025/10/22 7:38 p.m., 0 views

GHSA-45P5-V273-3QQR Vert.x-Web vulnerable to Stored Cross-site Scripting in directory listings via file names

Description - In the StaticHandlerImpl#sendDirectoryListing(...) method under the text/html branch, file and directory names are directly embedded into the href, title, and link text without proper HTML escaping. - As a result, in environments where an attacker can control file names, injecting...

CVSS 4.9 | AI score 7.1 | EPSS 0.00027
Exploits: 1 | References: 4

Github Security Blog
added 2025/10/22 7:38 p.m., 10 views

Vert.x-Web vulnerable to Stored Cross-site Scripting in directory listings via file names

Description - In the StaticHandlerImpl#sendDirectoryListing(...) method under the text/html branch, file and directory names are directly embedded into the href, title, and link text without proper HTML escaping. - As a result, in environments where an attacker can control file names, injecting...

CVSS 6.4 | AI score 7.2 | EPSS 0.00027
Exploits: 1 | References: 4 | Affected Software: 1

Snyk
added 2025/10/22 7:38 p.m., 3 views

Cross-site Scripting (XSS)

Overview io.vertx:vertx-web is a HTTP web applications for Vert.x. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the sendDirectoryListing in StaticHandlerImpl.java. An attacker can execute arbitrary JavaScript in the browser context of users viewing the director...

CVSS 6.4 | AI score 5.5 | EPSS 0.00027
Exploits: 1 | References: 2

Snyk
added 2025/10/22 7:38 p.m., 3 views

Files or Directories Accessible to External Parties

Overview io.vertx:vertx-web is a HTTP web applications for Vert.x. Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties via improper handling of hidden directories in the StaticHandler implementation when the setIncludeHidden(false) configuration i...

CVSS 8.3 | AI score 6.7 | EPSS 0.00051
Exploits: 0 | References: 2

Github Security Blog
added 2025/10/22 7:38 p.m., 6 views

Vert.x-Web Access Control Flaw in StaticHandler’s Hidden File Protection for Files Under Hidden Directories

Description There is a flaw in the hidden file protection feature of Vert.x Web’s StaticHandler when setIncludeHidden(false) is configured. In the current implementation, only files whose final path segment (i.e., the file name) begins with a dot (.) are treated as “hidden” and are blocked from being...

CVSS 7.5 | AI score 6.6 | EPSS 0.00051
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2025/10/22 2:50 p.m., 4 views

CVE-2025-11965

In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them e.g. '.git/config'...

CVSS 6.3 | AI score 6.4 | EPSS 0.00051
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-0982

Malware in sbrugna...

CVSS 6.1 | AI score 6.1 | EPSS 0.00159
Exploits: 1 | References: 13