ID CVE-2018-12540
Summary In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet.
References
Vulnerable Configurations
CVSS
Base: None
Impact:
Exploitability:
Last major update 12-07-2018 - 10:29
Published 12-07-2018 - 10:29
Last modified 12-07-2018 - 10:29
Back to Top