CVE-2018-12537
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-12537
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对CRLF序列的转义处理不恰当(CRLF注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Eclipse Vert.x 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Eclipse Vert.x是Eclipse基金会的一个用于在JVM上构建响应式应用程序的工具包,它主要用于构建网络实用程序、Web应用程序、HTTP/REST微服务等应用程序。 Eclipse Vert.x 3.0版本至3.5.1版本中存在安全漏洞,该漏洞源于程序没有过滤CR(回车)和LF(换行)字符。攻击者可利用该漏洞注入任意的HTTP响应。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| The Eclipse Foundation | Eclipse Vert.x | 3.0 ~ unspecified | - |
II. Public POCs for CVE-2018-12537
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | None | https://github.com/tafamace/CVE-2018-12537 | POC Details |
| 2 | None | https://github.com/andikahilmy/CVE-2018-12537-vert.x-vulnerable | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2018-12537
Please Login to view more intelligence information
- https://bugzilla.redhat.com/show_bug.cgi?id=1591072x_refsource_CONFIRM
- https://github.com/eclipse/vert.x/issues/2470x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2018-12537
IV. Related Vulnerabilities
Same weakness: CWE-93
- CVE-2026-42257
net-imap: Command Injection via "raw" arguments to multiple - CVE-2026-41570
PHPUnit: Argument injection via newline in PHP INI values fo - CVE-2026-41417
Netty vulnerable to HTTP request smuggling and RTSP request - CVE-2026-39849
Pi-hole FTL remote code execution via newline injection in d - CVE-2026-34458
Sandboxie-Plus privilege escalation via INI CRLF injection b
V. Comments for CVE-2018-12537
No comments yet