Vulnerability Details : CVE-2018-12537
In Eclipse Vert.x versions 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allows unfiltered values to inject a new header into the client request or server response.
Vulnerability category: Input validation
Products affected by CVE-2018-12537
- cpe:2.3:a:eclipse:vert.x:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-12537
- EPSS score: 0.42% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~71% (the proportion of vulnerabilities scored at or below this one)
CVSS scores for CVE-2018-12537
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST | 
5.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 | NIST | 
CWE ids for CVE-2018-12537
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
- The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs. Assigned by: emo@eclipse.org (Secondary)
References for CVE-2018-12537
- https://github.com/eclipse/vert.x/commit/1bb6445226c39a95e7d07ce3caaf56828e8aab72
  "Http header CR / LF validation - fixes #2470 · eclipse-vertx/vert.x@1bb6445 · GitHub" (Third Party Advisory)
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=536038
  "536038 – (CVE-2018-12537) CVE-2018-12537: vert.x: Improper neutralization of CRLF sequences allows remote attackers to inject arbitrary HTTP response headers" (Issue Tracking; Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1591072
  "1591072 – (CVE-2018-12537) CVE-2018-12537 vertx: Improper neutralization of CRLF sequences allows remote attackers to inject arbitrary HTTP response headers" (Issue Tracking; Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2018:3768
  "RHSA-2018:3768 - Security Advisory - Red Hat Customer Portal" (Third Party Advisory)
- https://github.com/eclipse/vert.x/issues/2470
  "Http header CR / LF validation · Issue #2470 · eclipse-vertx/vert.x · GitHub" (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2018:2371
  "RHSA-2018:2371 - Security Advisory - Red Hat Customer Portal" (Third Party Advisory)
- https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2018-021_vertx.txt
  (Third Party Advisory)