Description from CVE
Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However, the behaviour of HttpURI differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RFC. Specifically, HttpURI and the browser may differ on the value of the host extracted from an invalid URI, and thus a combination of Jetty and a vulnerable browser may be vulnerable to an open redirect attack or to an SSRF attack if the URI is used after passing validation checks.
Explanation
The jetty-http package is vulnerable due to Improper Validation of Syntactic Correctness of Input. The constructor and parse() method of the HttpURI$Mutable class parse user info segments from URLs in a manner that does not comply with RFC 9110. Consequently, invalid URLs parsed by the HttpURI utility may yield different hosts than those interpreted by specific browsers parsing identical URLs. A remote attacker can exploit this vulnerability to bypass validations performed on the HttpURI-parsed results of crafted URLs. This may allow the attacker to execute Open Redirect, Server-Side Request Forgery (SSRF), or other attacks against affected applications or their users.
Detection
The application is vulnerable if it uses the parsed results of this component's HttpURI utility in security-related contexts, such as filtering against deny lists or allow lists.
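The following is an added defence-in-depth example written for this issue; it is not code from Jetty or from the scanner that opened the issue. It shows how an application that must decide whether a host is acceptable (for a redirect or an outbound request) can avoid trusting HttpURI's view of the authority alone: it rejects any URI that carries a userinfo segment, cross-checks the host that HttpURI extracted against the JDK's own RFC 3986 parser, and only then consults an allow list. The class name, the allow list and the sample inputs are assumptions constructed for the example; the Jetty calls used (HttpURI.from, getHost, getUser) are the public Jetty 10/11 API.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

import org.eclipse.jetty.http.HttpURI;

/**
 * Added example (not Jetty's code): a hardened host check that refuses to
 * act on a host unless HttpURI and java.net.URI agree on it and the URI
 * carries no userinfo segment, the part of the authority this advisory
 * says HttpURI parses in a non-RFC-compliant way.
 */
public final class SafeTargetCheck {

    // Constructed allow list for the example; a real application supplies its own.
    private static final Set<String> ALLOWED_HOSTS =
            Set.of("app.example.com", "cdn.example.com");

    private SafeTargetCheck() {
    }

    /** Returns true only if every parser agrees on an allow-listed host. */
    public static boolean isAllowedTarget(String rawUri) {
        HttpURI jettyUri;
        try {
            jettyUri = HttpURI.from(rawUri);
        } catch (IllegalArgumentException e) {
            return false; // HttpURI rejected the input outright
        }

        // Refuse any userinfo ("user:pass@") rather than reasoning about it.
        if (jettyUri.getUser() != null) {
            return false;
        }
        String jettyHost = jettyUri.getHost();
        if (jettyHost == null || jettyHost.isEmpty()) {
            return false;
        }

        // Cross-check with the JDK parser; a disagreement means the input is
        // ambiguous and a browser may see yet another host, so it must not pass.
        URI jdkUri;
        try {
            jdkUri = new URI(rawUri);
        } catch (URISyntaxException e) {
            return false;
        }
        if (jdkUri.getRawUserInfo() != null) {
            return false;
        }
        String jdkHost = jdkUri.getHost(); // null for non-server-based authorities
        if (jdkHost == null || !jdkHost.equalsIgnoreCase(jettyHost)) {
            return false;
        }

        // Exact match against the allow list; no substring or suffix matching.
        return ALLOWED_HOSTS.contains(jettyHost.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        // Constructed sample inputs for a quick manual run.
        String[] samples = {
            "https://app.example.com/path",       // allow-listed host
            "https://app.example.com:8443/path",  // same host, explicit port
            "https://other.example.org/path"      // host not on the allow list
        };
        for (String s : samples) {
            System.out.println(s + " -> " + (isAllowedTarget(s) ? "allowed" : "rejected"));
        }
    }
}
```

This check is a mitigation for call sites that already use HttpURI results in security decisions; it does not replace applying the project's fix for this advisory. Rejecting on parser disagreement (rather than picking one parser's answer) is deliberate: the advisory's risk is precisely that two consumers of the same string disagree on the host.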
Found security vulnerability CVE-2024-6763 with severity >= 4 (severity = 5.3)
Found security vulnerability CVE-2024-6763 with severity < 7 (severity = 5.3)
Dependency tree
--- org.eclipse.jetty:jetty-runner:11.0.24
+--- org.eclipse.jetty.websocket:websocket-jetty-server:11.0.24
| +--- org.eclipse.jetty.websocket:websocket-jetty-common:11.0.24
| | +--- org.eclipse.jetty.websocket:websocket-core-common:11.0.24
| | | +--- org.eclipse.jetty:jetty-http:11.0.24 (*)
--- org.eclipse.jetty:jetty-runner:11.0.24
+--- org.eclipse.jetty:jetty-annotations:11.0.24
| +--- jakarta.annotation:jakarta.annotation-api:2.1.1
| +--- org.eclipse.jetty:jetty-plus:11.0.24
| | +--- org.eclipse.jetty:jetty-webapp:11.0.24
| | | +--- org.eclipse.jetty:jetty-servlet:11.0.24
| | | | +--- org.eclipse.jetty:jetty-security:11.0.24
| | | | | +--- org.eclipse.jetty:jetty-server:11.0.24
| | | | | | +--- org.eclipse.jetty:jetty-http:11.0.24
+--- org.eclipse.jetty:jetty-jaas:11.0.24
| +--- org.eclipse.jetty:jetty-security:11.0.24
| | +--- org.eclipse.jetty:jetty-server:11.0.24
| | | +--- org.eclipse.jetty:jetty-http:11.0.24
Reference: GHSA-qh8g-58pp-2wxh