Classicvalues

**Name of the Vulnerable Software and Affected Versions** Vert.x versions (affected versions not specified) **Description** The Vert.x Web static handler component cache can be manipulated to deny access to static files served by the handler using specifically crafted request URIs. This is due to an improper implementation of RFC3986 section 5.2.4. An attacker can craft a request URI containing a string like `bar%2F..%2F` after the last `/` character to deny access to the URI, resulting in an HTTP 404 response. This can lead to a persistent Denial of Service for legitimate files. **Recommendations** Disable the Static Handler cache by setting `setCachingEnabled(false)` on the `StaticHandler` instance.