CVE-2018-12537

CVSS v3.0 5.3 (Medium)

CVSS v2.0 5 (Medium)

EPSS 0.42 % (75^th)

Affected Products 1

Advisories 1

In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response.

Weaknesses

CWE-20: Improper Input Validation
CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')

CVE Status: PUBLISHED
CNA: Eclipse Foundation
Published Date: 2018-08-14 19:29:00
(6 years ago)
Updated Date: 2019-10-09 23:34:02
(5 years ago)

Affected Products

Eclipse

Vert.x

Configuration #1

		CPE23	From	Up To
	Eclipse Vert.x from 3.0.0 version and 3.5.1 and prior versions	cpe:2.3:a:eclipse:vert.x	>= 3.0.0	<= 3.5.1