CVE-2018-12540
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-12540
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨站请求伪造(CSRF)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Eclipse Vert.x 跨站请求伪造漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Eclipse Vert.x是Eclipse基金会的一个用于在JVM上构建响应式应用程序的工具包,它主要用于构建网络实用程序、Web应用程序、HTTP/REST微服务等应用程序。 Eclipse Vert.x 3.0.0版本至3.5.2版本中存在安全漏洞,该漏洞源于CSRFHandler没有断言XSRF Cookie是否匹配返回的XSRF ‘header’/‘form’参数。攻击者可利用该漏洞实施重播攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| The Eclipse Foundation | Eclipse Vert.x | 3.0 ~ unspecified | - |
II. Public POCs for CVE-2018-12540
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | Vert.X CSRF Proof of Concept (CVE-2018-12540) | https://github.com/bernard-wagner/vertx-web-xsrf | POC Details |
| 2 | None | https://github.com/tafamace/CVE-2018-12540 | POC Details |
| 3 | None | https://github.com/andikahilmy/CVE-2018-12540-vertx-web-vulnerable | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2018-12540
Please Login to view more intelligence information
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=536948x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2018-12540
IV. Related Vulnerabilities
Same weakness: CWE-352
- CVE-2021-47953
OpenCart 3.0.3.7 Cross-Site Request Forgery via account/pass - CVE-2021-47946
OpenCart 3.0.36 Account Takeover via Cross Site Request Forg - CVE-2022-50955
WordPress Plugin Curtain 1.0.2 Cross-site Request Forgery - CVE-2026-8194
osTicket Dispatcher class.dispatcher.php cross-site request - CVE-2026-42286
Emlog: Cross-Site Request Forgery in Admin Functions
V. Comments for CVE-2018-12540
No comments yet