CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-12540

In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.026

EPSS Ranking 84.9%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

Products affected by CVE-2018-12540

Eclipse » Vert.x » Version: 3.0.0

cpe:2.3:a:eclipse:vert.x:3.0.0
Eclipse » Vert.x » Version: 3.1.0

cpe:2.3:a:eclipse:vert.x:3.1.0
Eclipse » Vert.x » Version: 3.2.0

cpe:2.3:a:eclipse:vert.x:3.2.0
Eclipse » Vert.x » Version: 3.2.1

cpe:2.3:a:eclipse:vert.x:3.2.1
Eclipse » Vert.x » Version: 3.3.0

cpe:2.3:a:eclipse:vert.x:3.3.0
Eclipse » Vert.x » Version: 3.3.1

cpe:2.3:a:eclipse:vert.x:3.3.1
Eclipse » Vert.x » Version: 3.3.2

cpe:2.3:a:eclipse:vert.x:3.3.2
Eclipse » Vert.x » Version: 3.3.3

cpe:2.3:a:eclipse:vert.x:3.3.3
Eclipse » Vert.x » Version: 3.4.0

cpe:2.3:a:eclipse:vert.x:3.4.0
Eclipse » Vert.x » Version: 3.4.1

cpe:2.3:a:eclipse:vert.x:3.4.1
Eclipse » Vert.x » Version: 3.4.2

cpe:2.3:a:eclipse:vert.x:3.4.2
Eclipse » Vert.x » Version: 3.5.0

cpe:2.3:a:eclipse:vert.x:3.5.0
Eclipse » Vert.x » Version: 3.5.1

cpe:2.3:a:eclipse:vert.x:3.5.1
Eclipse » Vert.x » Version: 3.5.2

cpe:2.3:a:eclipse:vert.x:3.5.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-12540

Products

Pricing

Contact Us