Path Traversal Vulnerability in Eclipse Vert.x by Eclipse Foundation
CVE-2018-12542

9.8CRITICAL

Key Information:

Vendor

The Eclipse Foundation

Status
Eclipse Vert.x
Vendor
CVE Published:
10 October 2018

What is CVE-2018-12542?

Eclipse Vert.x versions from 3.0.0 to 3.5.3 are vulnerable to a path traversal issue where the StaticHandler improperly processes external input for pathname construction. This oversight can lead to unauthorized access to files outside the intended directory on Windows operating systems by not adequately neutralizing certain slash sequences. This can expose sensitive data and increase the risk of system exploitation.

Affected Version(s)

Eclipse Vert.x 3.0

Eclipse Vert.x <= 3.5.3

References

https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf...
mailing-listx_refsource_MLIST
https://github.com/vert-x3/vertx-web/issues/1025
x_refsource_CONFIRM
https://bugs.eclipse.org/bugs/show_bug.cgi?id=539171
x_refsource_CONFIRM

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Vishwanath Viraktamath
.