CVEs-PoC/2018/CVE-2018-12540.md at 2ef066380cb36dba2e454190ca2349fcff6ca2df

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-22 18:09:40 +02:00

Files

T

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

Description

In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet.

POC

Reference

No PoCs from references.

Github

https://github.com/0xT11/CVE-POC
https://github.com/bernard-wagner/vertx-web-xsrf
https://github.com/tafamace/CVE-2018-12540

934 B Raw Blame History

CVE-2018-12540

Description

POC

Reference

Github

934 B

Raw Blame History