VDB
CVE-2018-12537
CVE-2018-12537
PUBLISHED
Reported by eclipse · Published August 14, 2018
In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| The Eclipse Foundation | Eclipse Vert.x | 3.0, unspecified |
| The Eclipse Foundation | Eclipse Vert.x | 3.0, unspecified, 3.0 |
| Maven | io.vertx:vertx-core | 3.0.0, 3.0.0 |
Exploit Intelligence
- tafamace/CVE-2018-12537 (github-poc-repo)
- tafamace/CVE-2018-12537 (github-poc-repo)
- tafamace/CVE-2018-12537 (github-poc-repo)
- tafamace/CVE-2018-12537 (github-poc-repo)
- tafamace/CVE-2018-12537 (github-poc-repo)
- tafamace/CVE-2018-12537 (github-poc)
- tafamace/CVE-2018-12537 (github-poc)
- tafamace/CVE-2018-12537 (github-poc)
- tafamace/CVE-2018-12537 (github-poc)
Timeline
- Aug 14, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
References
- x_refsource_CONFIRM
- x_refsource_MISC
- RHSA-2018:2371 vendor-advisoryx_refsource_REDHAT
- x_refsource_CONFIRM
- x_refsource_CONFIRM
- RHSA-2018:3768 vendor-advisoryx_refsource_REDHAT
- x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2018-12537 advisory
- https://github.com/advisories/GHSA-6cw8-7j6c-hccp advisory