CVE-2018-12537
Severity: N/A
Description
In Eclipse Vert.x versions 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allows unfiltered values to inject a new header into the client request or server response.
CVE Details
CVSS v3.1 score: N/A
Published: 8/14/2018
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
eclipse:vert.x
Weaknesses (CWE)
CWE-93, CWE-20
References
https://access.redhat.com/errata/RHSA-2018:2371 (emo@eclipse.org)
https://access.redhat.com/errata/RHSA-2018:3768 (emo@eclipse.org)
https://bugs.eclipse.org/bugs/show_bug.cgi?id=536038 (emo@eclipse.org)
https://bugzilla.redhat.com/show_bug.cgi?id=1591072 (emo@eclipse.org)
https://github.com/eclipse/vert.x/issues/2470 (emo@eclipse.org)
https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2018-021_vertx.txt (emo@eclipse.org)
https://access.redhat.com/errata/RHSA-2018:2371 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:3768 (af854a3a-2127-422b-91ae-364da2661108)
https://bugs.eclipse.org/bugs/show_bug.cgi?id=536038 (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1591072 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/eclipse/vert.x/commit/1bb6445226c39a95e7d07ce3caaf56828e8aab72 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/eclipse/vert.x/issues/2470 (af854a3a-2127-422b-91ae-364da2661108)
https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2018-021_vertx.txt (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.