PT-2018-11243 · Eclipse · Eclipse Vert.X

Julien Viet

·

Published

2018-07-12

·

Updated

2020-09-08

·

CVE-2018-12540

CVSS v3.1

8.8

High

Vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Eclipse Vert.x versions 3.0.0 through 3.5.2

Description

The CSRFHandler in the affected versions validates the XSRF token submitted in the request header or form parameter (signature and expiry) but never asserts that it matches the XSRF cookie the browser sent. Any previously issued token that has not yet expired is therefore accepted for any session, which allows replay attacks: an attacker can embed a valid, unexpired token of their own in a cross-site request and the victim's browser will pass the check even though the victim's cookie holds a different token.

Recommendations

Upgrade to a Vert.x release newer than 3.5.2, which is the last affected version. Where an immediate upgrade is not possible, consider disabling the CSRFHandler until the upgrade can be applied, and restrict access to sensitive state-changing operations that rely on the XSRF token to minimize the risk of exploitation.
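To make the flaw concrete, the following is an added example written for this advisory, not Vert.x code. It models a double-submit CSRF token as a salt, an issue timestamp and an HMAC-SHA256 signature (an assumed layout for illustration), and contrasts a validator that only checks signature and expiry of the submitted token, as the affected CSRFHandler did, with one that also requires the submitted token to equal the cookie. All keys, tokens and timestamps are constructed inline.

```python
"""Replay weakness in a double-submit CSRF check (illustrating CVE-2018-12540).

Constructed example, not Eclipse Vert.x source. The token layout
<salt>/<timestamp_ms>/<signature> with HMAC-SHA256 over "<salt>/<timestamp_ms>"
is an assumption made for this demonstration.
"""
import base64
import hashlib
import hmac
import secrets
import time

SECRET = b"server-side-secret-for-demo"   # constructed; use a random key in practice
TIMEOUT_SECONDS = 30 * 60                  # assumed token lifetime


def _b64(raw: bytes) -> str:
    # URL-safe alphabet so that "/" can safely act as the field separator.
    return base64.urlsafe_b64encode(raw).decode("ascii")


def _sign(payload: bytes) -> str:
    return _b64(hmac.new(SECRET, payload, hashlib.sha256).digest())


def _now_ms(now):
    return int((now if now is not None else time.time()) * 1000)


def issue_token(now=None) -> str:
    """Mint a token the server would set as the XSRF cookie and echo to the page."""
    salt = _b64(secrets.token_bytes(16))
    ts = _now_ms(now)
    return f"{salt}/{ts}/{_sign(f'{salt}/{ts}'.encode())}"


def signed_and_fresh(token: str, now=None) -> bool:
    """Signature valid and not expired. This is all the unpatched handler verified."""
    parts = token.split("/")
    if len(parts) != 3:
        return False
    salt, ts, sig = parts
    if not hmac.compare_digest(_sign(f"{salt}/{ts}".encode()), sig):
        return False
    try:
        age_ms = _now_ms(now) - int(ts)
    except ValueError:
        return False
    return 0 <= age_ms <= TIMEOUT_SECONDS * 1000


def validate_vulnerable(cookie_token, submitted_token, now=None) -> bool:
    """Affected behaviour: the cookie value is ignored, only the header/form token is checked."""
    return signed_and_fresh(submitted_token, now)


def validate_fixed(cookie_token, submitted_token, now=None) -> bool:
    """Hardened check: the submitted token must be the same token the browser holds as its cookie."""
    if cookie_token is None or submitted_token is None:
        return False
    if not hmac.compare_digest(cookie_token, submitted_token):
        return False
    return signed_and_fresh(submitted_token, now)


def replay_scenario() -> dict:
    """Attacker reuses a token issued earlier (e.g. to their own browser) that is still unexpired.

    The victim's browser automatically attaches the victim's own XSRF cookie, which differs
    from the attacker-supplied header/form token.
    """
    t0 = 1_700_000_000.0
    attacker_token = issue_token(now=t0)        # issued earlier, still within lifetime
    victim_cookie = issue_token(now=t0 + 60)    # victim's own token
    now = t0 + 120
    return {
        "vulnerable_accepts_replay": validate_vulnerable(victim_cookie, attacker_token, now),
        "fixed_accepts_replay": validate_fixed(victim_cookie, attacker_token, now),
        "fixed_accepts_legit": validate_fixed(victim_cookie, victim_cookie, now),
        "rejects_expired": signed_and_fresh(attacker_token, now=t0 + TIMEOUT_SECONDS + 1),
        "rejects_tampered": signed_and_fresh(victim_cookie[:-2] + "AA", now),
    }


if __name__ == "__main__":
    for name, result in replay_scenario().items():
        print(f"{name}: {result}")
```

The cookie-versus-submitted-token comparison is the whole fix: once the server insists that the header or form value equals the cookie, a token minted for another session is useless to a cross-site attacker, because the victim's browser will never send that attacker's value as its cookie.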

Exploit

Fix

CSRF


Weakness Enumeration

Related identifiers

CVE-2018-12540
GHSA-RVGG-F8QM-6H7J

Affected products

Eclipse Vert.X