CSRF Vulnerability in Eclipse Vert.x 3.0.0 - 3.5.2
CVE-2018-12540 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:P
In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet.
Learn more about our Web Application Penetration Testing UK.