CVE-2018-12537
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-12537
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-12537.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-12537
- Aliases
- Published
- 2018-08-14T19:29:00Z
- Modified
- 2024-09-03T02:04:25.005743Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response.
- References
-
- https://access.redhat.com/errata/RHSA-2018:2371
- https://access.redhat.com/errata/RHSA-2018:3768
- https://github.com/eclipse/vert.x/commit/1bb6445226c39a95e7d07ce3caaf56828e8aab72
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=536038
- https://bugzilla.redhat.com/show_bug.cgi?id=1591072
- https://github.com/eclipse/vert.x/issues/2470
- https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2018-021_vertx.txt
Affected packages
Git / github.com/eclipse-vertx/vert.x
Affected ranges
- Type
- GIT
- Repo
- https://github.com/eclipse-vertx/vert.x
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/vert-x3/vertx-web
- Events
-
IntroducedLast affected
Affected versions
3.*
3.0.0
3.0.0-dev_preview1
3.0.0-milestone2
3.0.0-milestone3
3.0.0-milestone4
3.0.0-milestone5
3.0.0-milestone6
3.1.0
3.2.0
3.2.1
3.3.0
3.3.0.CR2
3.3.1
3.3.2
3.3.3
3.4.0
3.4.0.Beta1
3.4.1
3.4.2
3.5.0
3.5.0.Beta1
3.5.1
Other
Eclipse_Initial_Contribution_2
v2.*
v2.0.1-final
v2.1M1
v2.1M2
v2.1M3
v2.1M4
v2.1M5
v2.1RC1
v2.1RC2
v2.1RC3