4 matches found
CVE-2018-12541
The CVE-2018-12541 vulnerability affects Eclipse Vert.x WebSocket HTTP upgrade: in versions 3.0.0–3.5.3, the upgrade path buffers the entire HTTP request (including the request body) in memory before performing the handshake. This behavior enables an attacker to potentially exhaust memory by send...
CVE-2018-12537
CVE-2018-12537 affects Eclipse Vert.x core: HTTP header processing in Vert.x HttpServer and HttpClient between Vert.x 3.0 and 3.5.1 does not filter CRLF characters, enabling injection of arbitrary HTTP headers in requests/responses. The issue stems from improper CRLF neutralization. Red Hat’s adv...
CVE-2018-12540
The CVE-2018-12540 entry refers to Eclipse Vert.x Vert.x-Web CSRFHandler: versions 3.0.0–3.5.2 do not verify that the XSRF cookie matches the returned XSRF header/form parameter, enabling replay attacks with non-expired tokens. Public sources (including Red Hat RHSA-2018:2371 and OSV/GHSA entries...
CVE-2018-12542
In Eclipse Vert.x 3.0.0–3.5.3, the StaticHandler reads external input to form a pathname and fails to neutralize backslash sequences on Windows, allowing path traversal to locations outside the intended restricted directory. This CVE is documented with a high/critical impact (CVE-2018-12542) and ...