CVE-2018-12544

CRITICAL

Eclipse Vert.x 3.5.Beta1-3.5.3 - XML External Entity Injection via OpenAPI XML Type Validator


Exploitation Summary

EIP tracks 2 public exploits for CVE-2018-12544. PoCs published by dawetmaster and andikahilmy.

AI-analyzed exploit summary

This repository contains a functional proof-of-concept for CVE-2018-12544, demonstrating the vulnerability in Vert.x Web's SockJS service proxy. The code includes examples of service registration and SockJS bridge configuration, which can be used to exploit the vulnerability.

Description

In versions 3.5.Beta1 through 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without appropriate defenses against XML attacks (XML external entity injection, CWE-611). This code path is used only when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema.

Exploits (2)

Working PoC (nomisec) by dawetmaster
https://github.com/dawetmaster/CVE-2018-12544-vertx-web-vulnerable

This repository contains a functional proof-of-concept for CVE-2018-12544, demonstrating the vulnerability in Vert.x Web's SockJS service proxy. The code includes examples of service registration and SockJS bridge configuration, which can be used to exploit the vulnerability.

Classification: Working PoC (90%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Vert.x Web (SockJS service proxy)
Authentication: none needed
Prerequisites: Vert.x Web with SockJS service proxy enabled
Analyzed by devstral-2 on Mar 14, 2026
Working PoC (nomisec) by andikahilmy
https://github.com/andikahilmy/CVE-2018-12544-vertx-web-vulnerable

This repository contains a functional exploit PoC for CVE-2018-12544, demonstrating a vulnerability in Vert.x Web's SockJS service proxy. The code includes examples of service registration and SockJS bridge configuration, which can be used to exploit improper input validation.

Classification: Working PoC (90%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Vert.x Web (SockJS service proxy)
Authentication: none needed
Prerequisites: Vert.x Web with SockJS service proxy enabled; network access to the target server
Analyzed by devstral-2 on Feb 18, 2026

References (4)

Core References
https://access.redhat.com/errata/RHSA-2018:2946 (Third Party Advisory, vendor-advisory, x_refsource_redhat)
https://github.com/vert-x3/vertx-web/issues/1021 (Patch, Third Party Advisory, x_refsource_confirm)
https://bugs.eclipse.org/bugs/show_bug.cgi?id=539568 (Issue Tracking, Patch, Vendor Advisory, x_refsource_confirm)

Scores

CVSS v3: 9.8
EPSS: 0.0059
EPSS Percentile: 69.7%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-611
Status: published
Products (5)
eclipse/vert.x 3.5.0 (2 CPE variants)
eclipse/vert.x 3.5.1
eclipse/vert.x 3.5.2 (4 CPE variants)
eclipse/vert.x 3.5.3 (2 CPE variants)
io.vertx/vertx-core 3.5.0 - 3.5.4 (Maven)
Published: Oct 10, 2018
Tracked Since: Feb 18, 2026