Lucene search
Veracode Vulnerability DatabaseVERACODE:6833HistoryJun 21, 2018 - 7:33 a.m.
CRLF Injection
2018-06-2107:33:52
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
0.004 Low
EPSS
Percentile
74.2%
Vert.x Core is vulnerable to CRLF injection. The injection is possible because it does not check to forbid the \r or \n characters in HTTP client requests and server responses.
| CPE | Name | Operator | Version |
|---|---|---|---|
| vert.x core | le | 3.5.4 | |
| vert.x core | le | 3.4.2 |
References
access.redhat.com/errata/RHSA-2018:2371
access.redhat.com/errata/RHSA-2018:3768
bugs.eclipse.org/bugs/show_bug.cgi?id=536038
bugzilla.redhat.com/show_bug.cgi?id=1591072
github.com/eclipse/vert.x/commit/1bb6445226c39a95e7d07ce3caaf56828e8aab72
github.com/eclipse/vert.x/issues/2470
www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2018-021_vertx.txt
Related
veracode
veracode
HTTP Header Injection
2017-08-28 08:57:16
redhatcve
redhatcve
CVE-2018-12537
2018-06-19 09:48:45
nvd
nvd
CVE-2018-12537
2018-08-14 19:29:00
cve
cve
CVE-2018-12537
2018-08-14 19:29:00
cvelist
cvelist
CVE-2018-12537
2018-08-14 19:00:00
osv
osv
Moderate severity vulnerability that affects io.vertx:vertx-core
2018-10-19 17:43:36
CVE-2018-12537
2018-08-14 19:29:00
prion
prion
Design/Logic Flaw
2018-08-14 19:29:00
github
github
Moderate severity vulnerability that affects io.vertx:vertx-core
2018-10-19 17:43:36
redhat
redhat