PT-2018-11241 · Eclipse · Eclipse Vert.X
Published 2018-08-14 · Updated 2019-10-09
·
CVE-2018-12537
CVSS v3.1
5.3
Medium
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Eclipse Vert.x versions 3.0 through 3.5.1
Description
The HttpServer response headers and HttpClient request headers do not filter carriage return (CR, 0x0D) and line feed (LF, 0x0A) characters from header values. An attacker-controlled value that reaches a header can therefore terminate the current header line and inject additional headers into the client request or server response (HTTP header injection / response splitting), for example an injected Set-Cookie or Location header when user input is reflected into a redirect target.
Recommendations
For Eclipse Vert.x versions 3.0 through 3.5.1, upgrade to 3.5.2 or later, where header values are validated. Until you can upgrade, reject (or at least strip) carriage return and line feed characters from any value in application code before it is passed to putHeader() on a server response or client request, and avoid placing user-controlled values in sensitive headers such as Location and Set-Cookie. Note that the CVSS vector (C:N/I:L/A:N) scores the header-splitting primitive itself; the practical impact depends on what the injected headers can do in the surrounding application (cookie fixation, cache poisoning, open redirect).
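The vulnerable pattern described above beside a hardened version, as an added example that is not code from the Vert.x project or from the original advisory. It assumes Vert.x 3.x core on the classpath; the handler names, the `/vuln` and `/safe` routes, the `next` query parameter and the port are illustrative choices, not anything the advisory specifies. On an affected release, a request such as `/vuln?next=/%0d%0aSet-Cookie:%20session=attacker` produces a second header line in the response; the hardened handler refuses the value on any release.

```java
import io.vertx.core.Vertx;
import io.vertx.core.http.HttpServer;
import io.vertx.core.http.HttpServerRequest;
import io.vertx.core.http.HttpServerResponse;

// Added example (not Vert.x project code). Assumes Vert.x 3.x core on the classpath.
public class HeaderInjectionDemo {

    // True only if the value stays on a single header line: no CR, LF or NUL.
    // This is the filter that Vert.x 3.0-3.5.1 does not apply itself.
    static boolean isSafeHeaderValue(String value) {
        if (value == null) return false;
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '\r' || c == '\n' || c == '\0') return false;
        }
        return true;
    }

    // Vulnerable on Vert.x 3.0-3.5.1: the query value is copied straight into a header,
    // so "next=/%0d%0aSet-Cookie:%20session=attacker" injects a Set-Cookie header.
    static void vulnerableRedirect(HttpServerRequest req) {
        String next = req.getParam("next");
        req.response()
           .setStatusCode(302)
           .putHeader("Location", next == null ? "/" : next)
           .end();
    }

    // Hardened: reject CR/LF before the value reaches putHeader, and additionally
    // restrict the redirect target to a local path so the header cannot become an open redirect.
    static void hardenedRedirect(HttpServerRequest req) {
        String next = req.getParam("next");
        HttpServerResponse resp = req.response();
        if (next == null || !isSafeHeaderValue(next)
                || !next.startsWith("/") || next.startsWith("//")) {
            resp.setStatusCode(400).end("invalid redirect target");
            return;
        }
        resp.setStatusCode(302).putHeader("Location", next).end();
    }

    public static void main(String[] args) {
        Vertx vertx = Vertx.vertx();
        HttpServer server = vertx.createHttpServer();
        server.requestHandler(req -> {
            if ("/vuln".equals(req.path())) {
                vulnerableRedirect(req);
            } else if ("/safe".equals(req.path())) {
                hardenedRedirect(req);
            } else {
                req.response().setStatusCode(404).end();
            }
        }).listen(8080); // port is an illustrative choice
    }
}
```

Run it and compare `curl -i 'http://localhost:8080/vuln?next=/%0d%0aSet-Cookie:%20session=attacker'` with the same request against `/safe`: on 3.5.1 the first response carries an attacker-supplied Set-Cookie line, while the second returns 400 before any header is written. The check is deliberately a rejection rather than a strip, so that a tampered value is logged as an attack instead of silently normalised.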
Category tag
RCE (as tagged on this page; the CVSS vector above, C:N/I:L/A:N, describes header injection with a low integrity impact, not remote code execution)
Related identifiers
Affected products
Eclipse Vert.X