CVE-2018-12537

MEDIUM

Eclipse Vert.x <3.5.1 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2018-12537. PoCs published by dawetmaster, andikahilmy, tafamace.

AI-analyzed exploit summary: This repository contains generated source code and build documentation for Vert.x but lacks any exploit code or technical analysis related to CVE-2018-12537. It appears to be a placeholder or incomplete repository.

Description

In Eclipse Vert.x versions 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allows unfiltered values to inject a new header into the client request or server response.

Exploits (3)

nomisec STUB
by dawetmaster · poc
https://github.com/dawetmaster/CVE-2018-12537-vert.x-vulnerable

This repository contains generated source code and build documentation for Vert.x but lacks any exploit code or technical analysis related to CVE-2018-12537. It appears to be a placeholder or incomplete repository.

Classification
Stub 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: Vert.x
No auth needed
Prerequisites: None
devstral-2 · analyzed Mar 14, 2026

nomisec STUB
by andikahilmy · poc
https://github.com/andikahilmy/CVE-2018-12537-vert.x-vulnerable

The repository contains generated source files and build documentation for Vert.x but lacks any exploit code or technical analysis related to CVE-2018-12537. It appears to be a placeholder or incomplete project.

Classification
Stub 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: Vert.x
No auth needed
devstral-2 · analyzed Feb 18, 2026

nomisec STUB
by tafamace · poc
https://github.com/tafamace/CVE-2018-12537

The provided code is a simple Java stub that prints command-line arguments and does not demonstrate any exploit functionality for CVE-2018-12537. It lacks offensive techniques or vulnerability-specific logic.

Classification
Stub 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: N/A
No auth needed
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2371
Third Party Advisory x_refsource_confirm
https://github.com/eclipse/vert.x/issues/2470
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugs.eclipse.org/bugs/show_bug.cgi?id=536038
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3768
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1591072

Scores

CVSS v3 5.3
EPSS 0.0104
EPSS Percentile 77.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-93 CWE-20
Status published
Products (2)
eclipse/vert.x 3.0.0 - 3.5.1
io.vertx/vertx-core 3.0.0 - 3.5.2 (Maven)
Published Aug 14, 2018
Tracked Since Feb 18, 2026