CVE-2018-12540

In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet.
Configurations

Configuration 1

cpe:2.3:a:eclipse:vert.x:*:*:*:*:*:*:*:*

Information

Published : 2018-07-12 02:29

Updated : 2020-09-08 10:15


NVD link : CVE-2018-12540

Mitre link : CVE-2018-12540

Products Affected
No products.
CWE