Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker does not even need to provide a CSRF token in the request because the framework does not consider it. The cookies are automatically sent by the browser and the verification will always succeed, leading to a successful CSRF attack.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Eclipse Vertx-web 跨站请求伪造漏洞
Vulnerability Description
Eclipse Vertx-web是Eclipse基金会的一个用于构建Web应用的框架。 Vert.x-Web framework v4.0 milestone 1-4 存在跨站请求伪造漏洞,该漏洞源程序没有执行正确的CSRF验证。它不是比较请求中的CSRF令牌与cookie中的CSRF令牌,而是比较cookie中的CSRF令牌与存储在会话中的CSRF令牌。攻击者可利用该漏洞甚至不需要在请求中提供CSRF令牌,导致CSRF攻击成功。
CVSS Information
N/A
Vulnerability Type
N/A