CVE-2018-12537 is a vulnerability in Eclipse Vert.x
Published on August 14, 2018
In Eclipse Vert.x versions 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allows unfiltered values to inject a new header in the client request or server response.
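The effect described above, shown at the wire level as an added example (not Vert.x code and not from the advisory): a minimal model of HTTP/1.1 header serialization with and without a CR/LF check on the value. All function names are hypothetical and the sample header value is constructed for illustration.

```python
# Added illustration: a minimal model of HTTP/1.1 header serialization.
# Not Vert.x code; every name here is hypothetical.

# Constructed sample: a header value that carries an embedded CRLF.
CONSTRUCTED_VALUE = "/home\r\nX-Constructed: 1"


def serialize_unfiltered(start_line, headers):
    """Write each header as 'name: value' + CRLF with no checks.

    This mirrors the flawed behaviour: the value goes to the wire as-is.
    """
    lines = [start_line] + [f"{name}: {value}" for name, value in headers]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")


def check_header_value(value):
    """Reject CR and LF in a header value instead of emitting them."""
    for position, ch in enumerate(value):
        if ch in "\r\n":
            raise ValueError(f"CR/LF in header value at index {position}")
    return value


def serialize_checked(start_line, headers):
    """Same serializer, but every value is validated first."""
    checked = [(name, check_header_value(value)) for name, value in headers]
    return serialize_unfiltered(start_line, checked)


def parse_header_names(raw):
    """Read the message head as a receiver would and list the header names."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    header_lines = head.split("\r\n")[1:]  # skip the start line
    return [line.split(":", 1)[0] for line in header_lines if ":" in line]


if __name__ == "__main__":
    raw = serialize_unfiltered("HTTP/1.1 302 Found",
                               [("Location", CONSTRUCTED_VALUE)])
    # One header was set by the application; the receiver parses two.
    print(parse_header_names(raw))
    try:
        serialize_checked("HTTP/1.1 302 Found",
                          [("Location", CONSTRUCTED_VALUE)])
    except ValueError as err:
        print("rejected:", err)
```

Rejecting the value, rather than stripping the characters, keeps a malformed input from silently turning into a different but still attacker-influenced header.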
Weakness Type
What is a CRLF Injection Vulnerability?
The software uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.
CVE-2018-12537 has been classified as a CRLF Injection vulnerability or weakness.
Products Associated with CVE-2018-12537
Affected Versions
The Eclipse Foundation Eclipse Vert.x:
- Version 3.0 and below unspecified is affected.
- Version unspecified, <= 3.5.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.