CVE-2018-12537

MEDIUM

Eclipse Vert.x <3.5.1 - Code Injection

Title source: llm

Description

In Eclipse Vert.x versions 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allows unfiltered values to inject a new header into the client request or server response.

Exploits (2)

nomisec STUB
by andikahilmy · poc
https://github.com/andikahilmy/CVE-2018-12537-vert.x-vulnerable
nomisec STUB
by tafamace · poc
https://github.com/tafamace/CVE-2018-12537

Scores

CVSS v3 5.3
EPSS 0.0129
EPSS Percentile 79.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Classification

CWE
CWE-93 CWE-20
Status published

Affected Products (2)

eclipse/vert.x < 3.5.1
io.vertx/vertx-core < 3.5.2 (Maven)

Timeline

Published Aug 14, 2018
Tracked Since Feb 18, 2026