CVE-2021-34429 PoC — Eclipse Jetty 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-34429.yaml

Associated Vulnerability

Title:Eclipse Jetty 安全漏洞 (CVE-2021-34429)
Description:Eclipse Jetty是Eclipse基金会的一个开源的、基于Java的Web服务器和Java Servlet容器。 Eclipse Jetty 9.4.37-9.4.42、10.0.1-10.0.5 和 11.0.1-11.0.5版本存在安全漏洞，攻击者可以使用一些编码字符制作 URI 来访问 WEB-INF 目录的内容或绕过一些安全限制。

Description

Eclipse Jetty 9.4.37-9.4.42, 10.0.1-10.0.5 and 11.0.1-11.0.5 are susceptible to improper authorization. URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.

File Snapshot


 id: CVE-2021-34429

info:
  name: Eclipse Jetty - Information Disclosure
  author: bernardofsr,am0nt

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!