CVE-2018-12542

CRITICAL

Eclipse Vert.x <3.5.3 - Path Traversal

Title source: llm

Description

In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\' (forward slashes) sequences that can resolve to a location that is outside of that directory when running on Windows Operating Systems.

Exploits (3)

nomisec

by shoucheng3 · poc

https://github.com/shoucheng3/vert-x3__vertx-web_CVE-2018-12542_3_5_4_fixed

View on nomisec

nomisec WORKING POC

by shoucheng3 · poc

https://github.com/shoucheng3/vert-x3__vertx-web_CVE-2018-12542_3-5-3-CR1

View Code ZIP pw:eip

nomisec WORKING POC

by andikahilmy · poc

https://github.com/andikahilmy/CVE-2018-12542-vertx-web-vulnerable

View Code ZIP pw:eip

References (3)

[Issue Tracking, Vendor Advisory] https://bugs.eclipse.org/bugs/show_bug.cgi?id=539171

[Exploit, Vendor Advisory] https://github.com/vert-x3/vertx-web/issues/1025

[Mailing List] https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E

Scores

CVSS v3 9.8

EPSS 0.0093

EPSS Percentile 75.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-22

Status published

Affected Products (2)

eclipse/vert.x < 3.5.3

io.vertx/vertx-web < 3.5.4Maven

Timeline

Published Oct 10, 2018

Tracked Since Feb 18, 2026