Description
In versions 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler does not assert that the XSRF cookie matches the XSRF header/form parameter sent back with the request. This allows replay attacks with previously issued tokens that have not yet expired. In practice the double-submit check degrades to "any validly signed, unexpired token is accepted", so a token an attacker obtained earlier (for example, one issued to the attacker's own session) can be placed in a forged cross-site request and will pass validation regardless of the cookie the victim's browser sends.
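The following is an added illustration, not code from vertx-web itself: a minimal double-submit token check written against the plain JDK (no Vert.x dependency) that contrasts the flawed validation described above with the corrected one. The token layout (base64 salt, issue timestamp, HMAC over both) and the 30-minute timeout are assumptions chosen to resemble a stateless signed token; the class and method names are hypothetical. The scenario in main() models the replay: the attacker's earlier token passes the signature-and-expiry-only check even though the victim's cookie holds a different token, while the fixed check rejects it.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

/**
 * Illustrative double-submit CSRF token check (added example; not vertx-web code).
 * Assumed token layout: base64(salt) "." issuedAtMillis "." base64(hmac(salt.issuedAt)).
 */
public class CsrfCheckDemo {
    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    private final Mac mac;
    private final long timeoutMillis;
    private final SecureRandom random = new SecureRandom();

    public CsrfCheckDemo(byte[] secret, long timeoutMillis) throws Exception {
        this.mac = Mac.getInstance("HmacSHA256");
        this.mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        this.timeoutMillis = timeoutMillis;
    }

    /** Issue a fresh token; the server sets it as the XSRF cookie and renders it into the form/header. */
    public String generateToken() {
        byte[] salt = new byte[32];
        random.nextBytes(salt);
        String saltPlusTime = B64.encodeToString(salt) + "." + System.currentTimeMillis();
        return saltPlusTime + "." + sign(saltPlusTime);
    }

    // Mac is not thread-safe, so serialise access to it.
    private synchronized String sign(String data) {
        return B64.encodeToString(mac.doFinal(data.getBytes(StandardCharsets.UTF_8)));
    }

    /** Signature and expiry only: every unexpired token the server ever issued is accepted here. */
    public boolean isWellFormedAndUnexpired(String token) {
        if (token == null) return false;
        String[] parts = token.split("\\.");
        if (parts.length != 3) return false;
        String saltPlusTime = parts[0] + "." + parts[1];
        byte[] expected = sign(saltPlusTime).getBytes(StandardCharsets.UTF_8);
        byte[] actual = parts[2].getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, actual)) return false; // constant-time comparison
        try {
            long issuedAt = Long.parseLong(parts[1]);
            return System.currentTimeMillis() <= issuedAt + timeoutMillis;
        } catch (NumberFormatException e) {
            return false;
        }
    }

    /** Flawed behaviour as described for 3.0.0 - 3.5.2: the cookie is present but never compared with the submitted value. */
    public boolean validateVulnerable(String submitted, String cookie) {
        return cookie != null && isWellFormedAndUnexpired(submitted);
    }

    /** Corrected check: the submitted value must be a valid token AND byte-for-byte equal to the cookie. */
    public boolean validateFixed(String submitted, String cookie) {
        if (submitted == null || cookie == null) return false;
        boolean same = MessageDigest.isEqual(submitted.getBytes(StandardCharsets.UTF_8),
                                             cookie.getBytes(StandardCharsets.UTF_8));
        return same && isWellFormedAndUnexpired(submitted);
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo secret; a real deployment would load it from configuration.
        CsrfCheckDemo csrf = new CsrfCheckDemo("demo-secret".getBytes(StandardCharsets.UTF_8), 30 * 60 * 1000L);

        String victimCookie = csrf.generateToken();   // token issued to the victim's browser
        String attackerToken = csrf.generateToken();  // token the attacker obtained earlier from their own session

        // Forged cross-site POST: the victim's browser attaches its own cookie, the attacker controls the form field.
        System.out.println("vulnerable check accepts attacker token: " + csrf.validateVulnerable(attackerToken, victimCookie));
        System.out.println("fixed check accepts attacker token:      " + csrf.validateFixed(attackerToken, victimCookie));
        System.out.println("fixed check accepts matching token:      " + csrf.validateFixed(victimCookie, victimCookie));
    }
}
```

The equality check uses MessageDigest.isEqual rather than String.equals so that neither the cookie-versus-parameter comparison nor the signature comparison leaks timing information; note that the cookie and the form/header value must be identical, not merely both valid.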
Affected packages
| Platform | Package | State | Advisory | Release date |
|---|---|---|---|---|
| Red Hat OpenShift Application Runtimes | vertx-web | Affected | | |
| Text-Only RHOAR | | Fixed | RHSA-2018:2371 | 2018-08-09 |
Additional information
Status: Moderate
Weakness: CWE-352
Red Hat Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1600666 (vertx-web: Incomplete CSRF validation by CSRFHandler)
EPSS: 0.02579 (85th percentile), Low
CVSS3: 6.8 Medium
Related vulnerabilities
- nvd (more than 7 years ago), CVSS3 8.8: same description as above.
- github (more than 7 years ago): High severity vulnerability that affects io.vertx:vertx-web