cvelistv5 - cve-2018-12540

URL	Tags
emo@eclipse.org	https://access.redhat.com/errata/RHSA-2018:2371	Exploit, Third Party Advisory
emo@eclipse.org	https://bugs.eclipse.org/bugs/show_bug.cgi?id=536948	Exploit, Vendor Advisory
emo@eclipse.org	https://lists.apache.org/thread.html/r10aef585c521f8ef603f5831f9d97a27d920624025131da950e0c62f%40%3Ccommits.pulsar.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/r3fffda8e947edaa359152c8dc4c4ea9c96fd8ced1999bbce92bc6b25%40%3Ccommits.pulsar.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/r59482ebed302aa49ac7e0c51737499746b0d086fcdeb8f90e705951f%40%3Ccommits.pulsar.apache.org%3E
emo@eclipse.org	https://lists.apache.org/thread.html/rc5b4ae8a7caae6d3d5b3266cb050823b96dd62b30718b90b778d3d8b%40%3Ccommits.pulsar.apache.org%3E

▼	Vendor	Product
	The Eclipse Foundation	Eclipse Vert.x

rhsa-2018_2371

Vulnerability from csaf_redhat

Published

2018-08-09 14:39

Modified

2024-11-15 00:34

Summary

Red Hat Security Advisory: Red Hat OpenShift Application Runtimes security and bug fix update

Notes

Topic

An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform. The RHOAR Eclipse Vert.x 3.5.3 release serves as a replacement for RHOAR Eclipse Vert.x 3.5.1, and includes bug fixes and enhancements. For a detailed list of issues resolved in the community Eclipse Vert.x 3.5.3 release, see the release notes in the References section. Security Fix(es): * vertx: Improper neutralization of CRLF sequences allows remote attackers to inject arbitrary HTTP response headers (CVE-2018-12537) * vertx-web: Incomplete CSRF validation by CSRFHandler (CVE-2018-12540) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat OpenShift Application Runtimes.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Openshift Application Runtimes provides an application platform\nthat reduces the complexity of developing and operating applications\n(monoliths and microservices) for OpenShift as a containerized platform.\n\nThe RHOAR Eclipse Vert.x 3.5.3 release serves as a replacement for RHOAR Eclipse Vert.x 3.5.1, and includes bug fixes and enhancements. For a detailed list of issues resolved in the community Eclipse Vert.x 3.5.3 release, see the release notes in the References section.\n\nSecurity Fix(es):\n\n* vertx: Improper neutralization of CRLF sequences allows remote attackers to inject arbitrary HTTP response headers (CVE-2018-12537)\n\n* vertx-web: Incomplete CSRF validation by CSRFHandler (CVE-2018-12540)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2018:2371",
        "url": "https://access.redhat.com/errata/RHSA-2018:2371"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.eclipse.vertx\u0026version=3.5.3",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.eclipse.vertx\u0026version=3.5.3"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html-single/red_hat_openshift_application_runtimes_release_notes/",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html-single/red_hat_openshift_application_runtimes_release_notes/"
      },
      {
        "category": "external",
        "summary": "1591072",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591072"
      },
      {
        "category": "external",
        "summary": "1600666",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1600666"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2371.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat OpenShift Application Runtimes security and bug fix update",
    "tracking": {
      "current_release_date": "2024-11-15T00:34:55+00:00",
      "generator": {
        "date": "2024-11-15T00:34:55+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2018:2371",
      "initial_release_date": "2018-08-09T14:39:35+00:00",
      "revision_history": [
        {
          "date": "2018-08-09T14:39:35+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2018-08-09T14:39:35+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-15T00:34:55+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Text-Only RHOAR",
                "product": {
                  "name": "Text-Only RHOAR",
                  "product_id": "Text-Only RHOAR",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Application Runtimes"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-12537",
      "cwe": {
        "id": "CWE-113",
        "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
      },
      "discovery_date": "2018-06-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1591072"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vertx: Improper neutralization of CRLF sequences allows remote attackers to inject arbitrary HTTP response headers",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "While the affected artifact is being shipped in Fuse 6.3 via camel-vertx component, the vulnerable code is not being used, therefore Fuse 6.3 is not affected.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Text-Only RHOAR"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-12537"
        },
        {
          "category": "external",
          "summary": "RHBZ#1591072",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591072"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-12537",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-12537"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12537",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12537"
        },
        {
          "category": "external",
          "summary": "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2018-021_vertx.txt",
          "url": "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2018-021_vertx.txt"
        }
      ],
      "release_date": "2018-06-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-08-09T14:39:35+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Text-Only RHOAR"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:2371"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "Text-Only RHOAR"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "vertx: Improper neutralization of CRLF sequences allows remote attackers to inject arbitrary HTTP response headers"
    },
    {
      "cve": "CVE-2018-12540",
      "cwe": {
        "id": "CWE-352",
        "name": "Cross-Site Request Forgery (CSRF)"
      },
      "discovery_date": "2018-07-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1600666"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vertx-web: Incomplete CSRF validation by CSRFHandler",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Text-Only RHOAR"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-12540"
        },
        {
          "category": "external",
          "summary": "RHBZ#1600666",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1600666"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-12540",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-12540"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12540",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12540"
        }
      ],
      "release_date": "2018-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-08-09T14:39:35+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Text-Only RHOAR"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:2371"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "Text-Only RHOAR"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "vertx-web: Incomplete CSRF validation by CSRFHandler"
    }
  ]
}

ghsa-rvgg-f8qm-6h7j

Vulnerability from github

Published

2018-10-17 16:19

Modified

2024-04-12 21:17

Summary

High severity vulnerability that affects io.vertx:vertx-web

Details

In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.vertx:vertx-web"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.5.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-12540"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:55:57Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet.",
  "id": "GHSA-rvgg-f8qm-6h7j",
  "modified": "2024-04-12T21:17:45Z",
  "published": "2018-10-17T16:19:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12540"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vert-x3/vertx-web/issues/970"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vert-x3/vertx-web/commit/f42b193b15a29b772fc576b2d0f2497e7474a7e"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2371"
    },
    {
      "type": "WEB",
      "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=536948"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-rvgg-f8qm-6h7j"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/vert-x3/vertx-web"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r10aef585c521f8ef603f5831f9d97a27d920624025131da950e0c62f@%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r3fffda8e947edaa359152c8dc4c4ea9c96fd8ced1999bbce92bc6b25@%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r59482ebed302aa49ac7e0c51737499746b0d086fcdeb8f90e705951f@%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc5b4ae8a7caae6d3d5b3266cb050823b96dd62b30718b90b778d3d8b@%3Ccommits.pulsar.apache.org%3E"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "High severity vulnerability that affects io.vertx:vertx-web"
}

gsd-2018-12540

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet.

Aliases

CVE-2018-12540

Aliases

CVE-2018-12540

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-12540",
    "description": "In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet.",
    "id": "GSD-2018-12540",
    "references": [
      "https://access.redhat.com/errata/RHSA-2018:2371"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-12540"
      ],
      "details": "In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet.",
      "id": "GSD-2018-12540",
      "modified": "2023-12-13T01:22:30.618275Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@eclipse.org",
        "ID": "CVE-2018-12540",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Eclipse Vert.x",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003e=",
                          "version_value": "3.0"
                        },
                        {
                          "version_affected": "\u003c=",
                          "version_value": "3.5.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "The Eclipse Foundation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-352: Cross-Site Request Forgery (CSRF)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=536948",
            "refsource": "CONFIRM",
            "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=536948"
          },
          {
            "name": "RHSA-2018:2371",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:2371"
          },
          {
            "name": "[pulsar-commits] 20200828 [GitHub] [pulsar] klwilson227 opened a new issue #7931: CVE-2018-12540 pulsar use of io.vertx-web.jar vertx 3.4.1",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r59482ebed302aa49ac7e0c51737499746b0d086fcdeb8f90e705951f@%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20200830 [GitHub] [pulsar] wolfstudy commented on issue #7931: CVE-2018-12540 pulsar use of io.vertx-web.jar vertx 3.4.1",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r3fffda8e947edaa359152c8dc4c4ea9c96fd8ced1999bbce92bc6b25@%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20200830 [GitHub] [pulsar] codelipenghui commented on issue #7931: CVE-2018-12540 pulsar use of io.vertx-web.jar vertx 3.4.1",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rc5b4ae8a7caae6d3d5b3266cb050823b96dd62b30718b90b778d3d8b@%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20200908 [GitHub] [pulsar] wolfstudy closed issue #7931: CVE-2018-12540 pulsar use of io.vertx-web.jar vertx 3.4.1",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r10aef585c521f8ef603f5831f9d97a27d920624025131da950e0c62f@%3Ccommits.pulsar.apache.org%3E"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[3.0.0,3.5.3)",
          "affected_versions": "All versions starting from 3.0.0 before 3.5.3",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-352",
            "CWE-352",
            "CWE-937"
          ],
          "date": "2021-01-08",
          "description": "In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet.",
          "fixed_versions": [
            "3.5.3"
          ],
          "identifier": "CVE-2018-12540",
          "identifiers": [
            "GHSA-rvgg-f8qm-6h7j",
            "CVE-2018-12540"
          ],
          "not_impacted": "All versions before 3.0.0, all versions starting from 3.5.3",
          "package_slug": "maven/io.vertx/vertx-web",
          "pubdate": "2018-10-17",
          "solution": "Upgrade to version 3.5.3 or above.",
          "title": "Cross-Site Request Forgery (CSRF)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2018-12540",
            "https://access.redhat.com/errata/RHSA-2018:2371",
            "https://bugs.eclipse.org/bugs/show_bug.cgi?id=536948",
            "https://github.com/advisories/GHSA-rvgg-f8qm-6h7j",
            "https://lists.apache.org/thread.html/r10aef585c521f8ef603f5831f9d97a27d920624025131da950e0c62f@%3Ccommits.pulsar.apache.org%3E",
            "https://lists.apache.org/thread.html/r3fffda8e947edaa359152c8dc4c4ea9c96fd8ced1999bbce92bc6b25@%3Ccommits.pulsar.apache.org%3E",
            "https://lists.apache.org/thread.html/r59482ebed302aa49ac7e0c51737499746b0d086fcdeb8f90e705951f@%3Ccommits.pulsar.apache.org%3E",
            "https://lists.apache.org/thread.html/rc5b4ae8a7caae6d3d5b3266cb050823b96dd62b30718b90b778d3d8b@%3Ccommits.pulsar.apache.org%3E"
          ],
          "uuid": "a3b9cecb-0bf9-4933-97b4-4547d00332ba"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:vert.x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.5.2",
                "versionStartIncluding": "3.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@eclipse.org",
          "ID": "CVE-2018-12540"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=536948",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Vendor Advisory"
              ],
              "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=536948"
            },
            {
              "name": "RHSA-2018:2371",
              "refsource": "REDHAT",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2371"
            },
            {
              "name": "[pulsar-commits] 20200828 [GitHub] [pulsar] klwilson227 opened a new issue #7931: CVE-2018-12540 pulsar use of io.vertx-web.jar vertx 3.4.1",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/r59482ebed302aa49ac7e0c51737499746b0d086fcdeb8f90e705951f@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20200830 [GitHub] [pulsar] wolfstudy commented on issue #7931: CVE-2018-12540 pulsar use of io.vertx-web.jar vertx 3.4.1",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/r3fffda8e947edaa359152c8dc4c4ea9c96fd8ced1999bbce92bc6b25@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20200830 [GitHub] [pulsar] codelipenghui commented on issue #7931: CVE-2018-12540 pulsar use of io.vertx-web.jar vertx 3.4.1",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/rc5b4ae8a7caae6d3d5b3266cb050823b96dd62b30718b90b778d3d8b@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20200908 [GitHub] [pulsar] wolfstudy closed issue #7931: CVE-2018-12540 pulsar use of io.vertx-web.jar vertx 3.4.1",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/r10aef585c521f8ef603f5831f9d97a27d920624025131da950e0c62f@%3Ccommits.pulsar.apache.org%3E"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-09-08T10:15Z",
      "publishedDate": "2018-07-12T14:29Z"
    }
  }
}

cve-2018-12540

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature

Action not permitted

cve-2018-12540

Vulnerability from cvelistv5

rhsa-2018_2371

Vulnerability from csaf_redhat

ghsa-rvgg-f8qm-6h7j

Vulnerability from github

gsd-2018-12540

Vulnerability from gsd

Tags

Sightings

Nomenclature