CVE-2018-12542

CRITICAL

Eclipse Vert.x <3.5.3 - Path Traversal


Exploitation Summary

EIP tracks 3 public exploits for CVE-2018-12542. PoCs published by dawetmaster, andikahilmy, shoucheng3.

AI-analyzed exploit summary: This repository contains a functional proof-of-concept for CVE-2018-12542, demonstrating a vulnerability in Vert.x Web's SockJS service proxy. The code includes examples and test cases that showcase the vulnerable service proxy implementation.

Description

In versions 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\' (backslash) sequences that can resolve to a location outside of that directory when running on Windows operating systems.

Exploits (3)

nomisec WORKING POC
by dawetmaster · poc
https://github.com/dawetmaster/CVE-2018-12542-vertx-web-vulnerable

This repository contains a functional proof-of-concept for CVE-2018-12542, demonstrating a vulnerability in Vert.x Web's SockJS service proxy. The code includes examples and test cases that showcase the vulnerable service proxy implementation.

Classification: Working PoC 90%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: Vert.x Web (SockJS service proxy)
No auth needed
Prerequisites: Vert.x Web with SockJS service proxy configured
devstral-2 · analyzed Mar 14, 2026

nomisec WORKING POC
by andikahilmy · poc
https://github.com/andikahilmy/CVE-2018-12542-vertx-web-vulnerable

This repository contains a functional proof-of-concept for CVE-2018-12542, demonstrating a vulnerability in Vert.x Web's SockJS service proxy. The code includes examples of service registration and SockJS bridge configuration, which can be used to exploit the vulnerability.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Vert.x Web (SockJS service proxy)
No auth needed
Prerequisites: Vert.x Web with SockJS service proxy enabled
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC
by shoucheng3 · poc
https://github.com/shoucheng3/vert-x3__vertx-web_CVE-2018-12542_3-5-3-CR1

This repository contains a proof-of-concept for CVE-2018-12542, demonstrating how Vert.x SockJS Service Proxy can be exploited due to improper event bus bridge permissions. The example code shows how to register a service and configure the SockJS bridge to allow inbound/outbound traffic to a designated address, which could be abused for unauthorized access.

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Vert.x SockJS Service Proxy (Vert.x Web) 3.5.3.CR1
No auth needed
Prerequisites: Access to the Vert.x event bus bridge · Knowledge of the target service address
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Vendor Advisory x_refsource_confirm
https://github.com/vert-x3/vertx-web/issues/1025
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugs.eclipse.org/bugs/show_bug.cgi?id=539171

Scores

CVSS v3 9.8
EPSS 0.0088
EPSS Percentile 75.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-22
Status published
Products (2)
eclipse/vert.x 3.0.0 - 3.5.3
io.vertx/vertx-web 3.0.0 - 3.5.4 (Maven)
Published Oct 10, 2018
Tracked Since Feb 18, 2026