Description

In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response.

Remediation

References

https://access.redhat.com/errata/RHSA-2018:2371

https://access.redhat.com/errata/RHSA-2018:3768

https://bugs.eclipse.org/bugs/show_bug.cgi?id=536038

https://bugzilla.redhat.com/show_bug.cgi?id=1591072

https://github.com/eclipse/vert.x/commit/1bb6445226c39a95e7d07ce3caaf56828e8aab72

https://github.com/eclipse/vert.x/issues/2470

https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2018-021_vertx.txt

Related Vulnerabilities

CVE-2017-5653 Vulnerability in maven package org.apache.cxf:cxf-rt-rs-security-xml

CVE-2022-42467 Vulnerability in maven package org.apache.isis.core:isis-core-config

CVE-2022-31147 Vulnerability in maven package org.webjars.bower:jquery-validation

CVE-2018-1000620 Vulnerability in npm package cryptiles

CVE-2022-34113 Vulnerability in maven package io.dataease:dataease-plugin-common

Severity

Medium

Classification

CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Third Party Advisory Issue Tracking