CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-17640
https://notcve.org/view.php?id=CVE-2019-17640
In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly processes back slashes on Windows Operating systems, allowing, escape the webroot folder to the current working directory. En Eclipse Vert.x versiones 3.4.x hasta 3.9.4, versiones 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2 y 4.0.0.Beta3, StaticHandler no procesa correctamente las barras diagonales inversas en los sistemas operativos Windows, permitiendo escapar la carpeta webroot en el directorio de trabajo actual • https://bugs.eclipse.org/bugs/show_bug.cgi?id=567416 https://lists.apache.org/thread.html/r591f6932560c8c46cee87415afed92924a982189fea7f7c9096f8e33%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/r8383b5e7344a8b872e430ad72241b84b83e9701d275c602cfe34a941%40%3Ccommits.servicecomb.apache.org%3E https://lists.apache.org/thread.html/r8d863b148efe778ce5f8f961d0cafeda399e681d3f0656233b4c5511%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E https:/&# • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2018-12544 – vertx: API Validation XML Schemas do not forbid file system access
https://notcve.org/view.php?id=CVE-2018-12544
In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema. De la versión 3.5.Beta1 a la 3.5.3 de Eclipse Vert.x, el validador de tipos XML OpenAPI crea analizadores XML sin las medidas defensivas adecuadas contra ataques XML. Este mecanismo es exclusivo a cuando el desarrollador emplea el validador de tipos XML OpenAPI de Eclipse Vert.x para validar un esquema proporcionado. • https://access.redhat.com/errata/RHSA-2018:2946 https://bugs.eclipse.org/bugs/show_bug.cgi?id=539568 https://github.com/vert-x3/vertx-web/issues/1021 https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E https://access.redhat.com/security/cve/CVE-2018-12544 https://bugzilla.redhat.com/show_bug.cgi?id=1638384 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12541 – vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake
https://notcve.org/view.php?id=CVE-2018-12541
In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There should be a reasonnable limit (8192 bytes) above which the WebSocket gets an HTTP response with the 413 status code and the connection gets closed. De las versiones 3.0.0 a 3.5.3 de Eclipse Vert.x, la implementación de la actualización HTTP WebSocket almacena la petición HTTP completa antes de realizar el handshake, lo que mantiene todo el cuerpo de la petición en la memoria. Debería existir un límite razonable (8192 bytes) sobre el cual WebSocket obtiene una respuesta HTTP con el código de estado 413 y la conexión se cierra. • https://access.redhat.com/errata/RHSA-2018:2946 https://bugs.eclipse.org/bugs/show_bug.cgi?id=539170 https://github.com/eclipse-vertx/vert.x/issues/2648 https://lists.apache.org/thread.html/r01123837ffbfdf5809e0a4ac354ad546e4ca8f18df89ee5a10eeb81b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/r11789cd6d67ecca2d6f6bbb11e34495e68ee99287b6c59edf5b1a09c%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/r1af71105539fe01fcecb92d2ecd8eea56c515fb1c80ecab4df424553%40%3Cissues.bookkeeper.apache.org%3E https:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-770: Allocation of Resources Without Limits or Throttling CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2018-12542
https://notcve.org/view.php?id=CVE-2018-12542
In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\' (forward slashes) sequences that can resolve to a location that is outside of that directory when running on Windows Operating Systems. De la versión 3.0.0 a la 3.5.3 de Eclipse Vert.x, StaticHandler emplea entradas externas para construir un nombre de ruta que debería estar en un directorio restringido, pero que no neutraliza correctamente secuencias de "\" (barras diagonales) que pueden resolverse en una ubicación fuera de ese directorio al ejecutarse en sistemas operativos Windows. • https://bugs.eclipse.org/bugs/show_bug.cgi?id=539171 https://github.com/vert-x3/vertx-web/issues/1025 https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2018-12537 – vertx: Improper neutralization of CRLF sequences allows remote attackers to inject arbitrary HTTP response headers
https://notcve.org/view.php?id=CVE-2018-12537
In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response. En Eclipse Vert.x, de la versión 3.0 a la 3.5.1, las cabeceras de respuesta HttpServer y las cabeceras de petición HttpClient no filtran los retornos de carro y los caracteres de avance de línea desde el valor de la cabecera. Esto permite que los valores no filtrados inyecten una nueva cabecera en la petición del cliente o la respuesta del servidor. • https://github.com/tafamace/CVE-2018-12537 https://access.redhat.com/errata/RHSA-2018:2371 https://access.redhat.com/errata/RHSA-2018:3768 https://bugs.eclipse.org/bugs/show_bug.cgi?id=536038 https://bugzilla.redhat.com/show_bug.cgi?id=1591072 https://github.com/eclipse/vert.x/commit/1bb6445226c39a95e7d07ce3caaf56828e8aab72 https://github.com/eclipse/vert.x/issues/2470 https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2018-021_vertx.txt https://access.redhat. • CWE-20: Improper Input Validation CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •