Merge pull request #8547 from projectdiscovery/princechaddha-patch-1

fixed FP in CVE-2021-28164
2023-11-06 13:26:57 +05:30 · 2023-11-06 13:26:57 +05:30 · afdc163d23
parent 63c17894e6 a3e5df6df6
commit afdc163d23
1 changed files with 15 additions and 1 deletions
--- a/http/cves/2021/CVE-2021-28164.yaml
+++ b/http/cves/2021/CVE-2021-28164.yaml
@ -28,7 +28,22 @@ info:
    product: jetty
  tags: vulhub,cve,cve2021,jetty,packetstorm

+flow: http(1) && http(2)
+
 http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/WEB-INF/web.xml"
+
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "</web-app>"
+          - "java.sun.com"
+        condition: and
+        negative: true
+
  - method: GET
    path:
      - "{{BaseURL}}/%2e/WEB-INF/web.xml"
@ -50,4 +65,3 @@ http:
      - type: status
        status:
          - 200
-# digest: 4a0a00473045022003bd30c55fa8f2e8218980f1f802ddce02e1e25293900726d57eadc8c2759046022100fa7059b3d4b3cb1dad34c592c72b8dad29b0ba964e8b70f6521e92155b602359:922c64590222798bb761d5b6d8e72950