CVE-2018-12540 - AskarLabs CVE Database

CVE-2018-12540

Vendor The Eclipse Foundation

Product Eclipse Vert.x

Weakness CWE-352 · CSRF

Published July 12, 2018

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet.

Key dates

02Disclosure timeline

July 12, 2018 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-12540 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2025-53444 WordPress Userpro plugin < 5.1.11 - Cross Site Request Forgery (CSRF) vulnerability CVE-2024-37511 WordPress Swift Performance Lite plugin <= 2.3.6.20 - Cross Site Request Forgery (CSRF) vulnerability CVE-2018-25370 Admidio 3.3.5 Cross-Site Request Forgery via roles_function.php CVE-2023-2717 Groundhogg <= 2.7.9.8 - Cross-Site Request Forgery to Disable All Plugins CVE-2025-23805 WordPress SEOReseller Partner plugin <= 1.3.15 - CSRF to Stored XSS vulnerability

Identifiers

CVE CVE-2018-12540

CWE CWE-352

Affected versions

Vendor The Eclipse Foundation

Product Eclipse Vert.x

Affected ≥ 3.0 and < unspecified

Vendor The Eclipse Foundation

Product Eclipse Vert.x

Affected ≥ unspecified and ≤ 3.5.2