CSRF Vulnerability in Eclipse Vert.x 3.0.0 - 3.5.2

CSRF Vulnerability in Eclipse Vert.x 3.0.0 - 3.5.2

CVE-2018-12540 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet.

Learn more about our Web Application Penetration Testing UK.