← Zuruck zu CVEs
CVE-2018-12541
MEDIUM6.5
Beschreibung
In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There should be a reasonnable limit (8192 bytes) above which the WebSocket gets an HTTP response with the 413 status code and the connection gets closed.
CVE Details
CVSS v3.1 Bewertung6.5
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht10/10/2018
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
eclipse:vert.x
Schwachen (CWE)
CWE-789CWE-119
Referenzen
https://access.redhat.com/errata/RHSA-2018:2946(emo@eclipse.org)
https://bugs.eclipse.org/bugs/show_bug.cgi?id=539170(emo@eclipse.org)
https://github.com/eclipse-vertx/vert.x/issues/2648(emo@eclipse.org)
https://lists.apache.org/thread.html/r01123837ffbfdf5809e0a4ac354ad546e4ca8f18df89ee5a10eeb81b%40%3Cissues.bookkeeper.apache.org%3E(emo@eclipse.org)
https://lists.apache.org/thread.html/r11789cd6d67ecca2d6f6bbb11e34495e68ee99287b6c59edf5b1a09c%40%3Ccommits.pulsar.apache.org%3E(emo@eclipse.org)
https://lists.apache.org/thread.html/r1af71105539fe01fcecb92d2ecd8eea56c515fb1c80ecab4df424553%40%3Cissues.bookkeeper.apache.org%3E(emo@eclipse.org)
https://lists.apache.org/thread.html/r344235b1aea2f7fa2381495df1d77d02b595e3d7e4626e701f7c1062%40%3Ccommits.pulsar.apache.org%3E(emo@eclipse.org)
https://lists.apache.org/thread.html/r362835e6c7f34324ed24e318b363fcdd20cea91d0cea0b2e1164f73e%40%3Cissues.bookkeeper.apache.org%3E(emo@eclipse.org)
https://lists.apache.org/thread.html/r3da899890536af744dec897fbc561fd9810ac45e79a16164b53c31b2%40%3Ccommits.pulsar.apache.org%3E(emo@eclipse.org)
https://lists.apache.org/thread.html/r79789a0afb184abd13a2c07016e6e7ab8e64331f332b630bf82a2eed%40%3Ccommits.pulsar.apache.org%3E(emo@eclipse.org)
https://lists.apache.org/thread.html/r8db0431ecf93f2dd2128db5ddca897b33ba883b7f126648d6a9e4c47%40%3Ccommits.pulsar.apache.org%3E(emo@eclipse.org)
https://lists.apache.org/thread.html/r98dc06e2b1c498d0e9eb5038d8e1aefd24e411e50522e7082dd9e0b7%40%3Ccommits.bookkeeper.apache.org%3E(emo@eclipse.org)
https://lists.apache.org/thread.html/rbdc279ecdb7ac496a03befb05a53605c4ce2b67e14f8f4df4cfa1203%40%3Cissues.bookkeeper.apache.org%3E(emo@eclipse.org)
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E(emo@eclipse.org)
https://lists.apache.org/thread.html/re5ddabee26fbcadc7254d03a5a073d64080a9389adc9e452529664ed%40%3Ccommits.pulsar.apache.org%3E(emo@eclipse.org)
https://lists.apache.org/thread.html/reb3cc4f3e10264896a541813c0030ec9d9466ba9b722fe5d4adc91cd%40%3Cissues.bookkeeper.apache.org%3E(emo@eclipse.org)
https://access.redhat.com/errata/RHSA-2018:2946(af854a3a-2127-422b-91ae-364da2661108)
https://bugs.eclipse.org/bugs/show_bug.cgi?id=539170(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/eclipse-vertx/vert.x/issues/2648(af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r01123837ffbfdf5809e0a4ac354ad546e4ca8f18df89ee5a10eeb81b%40%3Cissues.bookkeeper.apache.org%3E(af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r11789cd6d67ecca2d6f6bbb11e34495e68ee99287b6c59edf5b1a09c%40%3Ccommits.pulsar.apache.org%3E(af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r1af71105539fe01fcecb92d2ecd8eea56c515fb1c80ecab4df424553%40%3Cissues.bookkeeper.apache.org%3E(af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r344235b1aea2f7fa2381495df1d77d02b595e3d7e4626e701f7c1062%40%3Ccommits.pulsar.apache.org%3E(af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r362835e6c7f34324ed24e318b363fcdd20cea91d0cea0b2e1164f73e%40%3Cissues.bookkeeper.apache.org%3E(af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r3da899890536af744dec897fbc561fd9810ac45e79a16164b53c31b2%40%3Ccommits.pulsar.apache.org%3E(af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r79789a0afb184abd13a2c07016e6e7ab8e64331f332b630bf82a2eed%40%3Ccommits.pulsar.apache.org%3E(af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r8db0431ecf93f2dd2128db5ddca897b33ba883b7f126648d6a9e4c47%40%3Ccommits.pulsar.apache.org%3E(af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r98dc06e2b1c498d0e9eb5038d8e1aefd24e411e50522e7082dd9e0b7%40%3Ccommits.bookkeeper.apache.org%3E(af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/rbdc279ecdb7ac496a03befb05a53605c4ce2b67e14f8f4df4cfa1203%40%3Cissues.bookkeeper.apache.org%3E(af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E(af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/re5ddabee26fbcadc7254d03a5a073d64080a9389adc9e452529664ed%40%3Ccommits.pulsar.apache.org%3E(af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/reb3cc4f3e10264896a541813c0030ec9d9466ba9b722fe5d4adc91cd%40%3Cissues.bookkeeper.apache.org%3E(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.