Lucene search
+L

109 matches found

RedhatCVE
RedhatCVE
added 2018/10/11 1:19 p.m.27 views

CVE-2018-12541

In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There should be a reasonnable limit 8192 bytes above which the WebSocket gets an HTTP response with the...

6.5CVSS1.2AI score0.02652EPSS
Exploits0References2
NVD
NVD
added 2018/10/10 8:29 p.m.32 views

CVE-2018-12544

In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema...

9.8CVSS9.4AI score0.02172EPSS
Exploits0References4
NVD
NVD
added 2018/10/10 8:29 p.m.24 views

CVE-2018-12542

In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '' forward slashes sequences that can resolve to a location that is outside of that directory when...

9.8CVSS9.4AI score0.02286EPSS
Exploits1References3
Prion
Prion
added 2018/10/10 8:29 p.m.14 views

Design/Logic Flaw

In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema...

7.5CVSS9.4AI score0.02172EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2018/10/10 8:29 p.m.18 views

CVE-2018-12541

In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There should be a reasonnable limit 8192 bytes above which the WebSocket gets an HTTP response with the...

6.5CVSS6.8AI score
Exploits0References16
NVD
NVD
added 2018/10/10 8:29 p.m.25 views

CVE-2018-12541

In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There should be a reasonnable limit 8192 bytes above which the WebSocket gets an HTTP response with the...

6.5CVSS6.5AI score0.02652EPSS
Exploits0References16
Prion
Prion
added 2018/10/10 8:29 p.m.13 views

Design/Logic Flaw

In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '' forward slashes sequences that can resolve to a location that is outside of that directory when...

7.5CVSS9.3AI score0.02286EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2018/10/10 8:29 p.m.18 views

Design/Logic Flaw

In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There should be a reasonnable limit 8192 bytes above which the WebSocket gets an HTTP response with the...

4CVSS7.1AI score0.02652EPSS
Exploits0References16Affected Software1
OSV
OSV
added 2018/10/10 8:29 p.m.13 views

CVE-2018-12542

In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '' forward slashes sequences that can resolve to a location that is outside of that directory when...

9.8CVSS6.8AI score
Exploits0References3
OSV
OSV
added 2018/10/10 8:29 p.m.11 views

CVE-2018-12544

In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema...

9.8CVSS6.7AI score
Exploits0References4
Cvelist
Cvelist
added 2018/10/10 8:0 p.m.28 views

CVE-2018-12544

In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema...

9.4AI score0.02172EPSS
Exploits0References4
Cvelist
Cvelist
added 2018/10/10 8:0 p.m.23 views

CVE-2018-12542

In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '' forward slashes sequences that can resolve to a location that is outside of that directory when...

9.5AI score0.02286EPSS
Exploits1References3
CVE
CVE
added 2018/10/10 8:0 p.m.89 views

CVE-2018-12544

CVE-2018-12544 affects Eclipse Vert.x OpenAPI XML type validator (versions 3.5.Beta1–3.5.3). The vulnerability stems from creating XML parsers without proper defenses against XML attacks, enabling XML External Entity (XXE) exploitation. Public references (Veracode, Red Hat advisory RHSA-2018:2946...

9.8CVSS9.3AI score0.02172EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2018/10/10 8:0 p.m.30 views

CVE-2018-12541

In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There should be a reasonnable limit 8192 bytes above which the WebSocket gets an HTTP response with the...

6.4AI score0.02652EPSS
Exploits0References16
CVE
CVE
added 2018/10/10 8:0 p.m.119 views

CVE-2018-12541

The CVE-2018-12541 vulnerability affects Eclipse Vert.x WebSocket HTTP upgrade: in versions 3.0.0–3.5.3, the upgrade path buffers the entire HTTP request (including the request body) in memory before performing the handshake. This behavior enables an attacker to potentially exhaust memory by send...

6.5CVSS6.3AI score0.02652EPSS
Exploits0References16Affected Software1
CVE
CVE
added 2018/10/10 8:0 p.m.83 views

CVE-2018-12542

In Eclipse Vert.x 3.0.0–3.5.3, the StaticHandler reads external input to form a pathname and fails to neutralize backslash sequences on Windows, allowing path traversal to locations outside the intended restricted directory. This CVE is documented with a high/critical impact (CVE-2018-12542) and ...

9.8CVSS9.3AI score0.02286EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2018/08/28 12:0 a.m.4 views

Unspecified Vulnerability in Eclipse Vert.x (CNVD-2019-43402)

Eclipse Vert.x is an Eclipse Foundation toolkit for building responsive applications on the JVM , which is mainly used to build applications such as network utilities , Web applications , HTTP/REST microservices and so on. A security vulnerability exists in Eclipse Vert.x that stems from the...

5.3CVSS9.3AI score0.02482EPSS
Exploits0References1
NVD
NVD
added 2018/08/14 7:29 p.m.42 views

CVE-2018-12537

In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response...

5.3CVSS5.2AI score0.02482EPSS
Exploits0References7
Prion
Prion
added 2018/08/14 7:29 p.m.23 views

Design/Logic Flaw

In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response...

5CVSS5.8AI score0.02482EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2018/08/14 7:29 p.m.23 views

CVE-2018-12537

In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response...

5.3CVSS6.6AI score
Exploits0References7
Rows per page
Query Builder