Path Traversal Vulnerability in Eclipse Vert.x by Eclipse Foundation
CVE-2018-12542

9.8CRITICAL

Key Information:

Vendor: The Eclipse Foundation
Status: Eclipse Vert.x
Vendor: CVE Published:; 10 October 2018

What is CVE-2018-12542?

Eclipse Vert.x versions from 3.0.0 to 3.5.3 are vulnerable to a path traversal issue where the StaticHandler improperly processes external input for pathname construction. This oversight can lead to unauthorized access to files outside the intended directory on Windows operating systems by not adequately neutralizing certain slash sequences. This can expose sensitive data and increase the risk of system exploitation.

Affected Version(s)

Eclipse Vert.x 3.0

Eclipse Vert.x <= 3.5.3

References

https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf...

mailing-listx_refsource_MLIST

https://github.com/vert-x3/vertx-web/issues/1025

x_refsource_CONFIRM

https://bugs.eclipse.org/bugs/show_bug.cgi?id=539171

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 10, 2018
Vulnerability Reserved
Jun 18, 2018

Credit

Vishwanath Viraktamath

The Eclipse Foundation

What is CVE-2018-12542?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit