Exploitation Summary
EIP tracks 4 public exploits for CVE-2021-28164.
PoCs published by Mayank Deshmukh, jammy0903, dyeat, including Metasploit module auxiliary/gather/jetty_web_inf_disclosure.
A Nuclei detection template is also available.
AI-analyzed exploit summary: This exploit demonstrates an information disclosure vulnerability in Jetty 9.4.37.v20210219 and 9.4.38.v20210224 by accessing the web.xml file via a path traversal attack using URL encoding.
Description
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example, a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.
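For log review, the following added example (not part of this entry and not Jetty or vendor code) flags access-log requests whose path resolves into WEB-INF, and marks those that got there through a %2e-encoded dot segment as described above. The NCSA-style log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed NCSA/common access-log layout: client ... "METHOD target HTTP/x" status size
LOG_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3}) ')

# Constructed sample entries (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Apr/2021:10:00:01 +0000] "GET /context/%2e/WEB-INF/web.xml HTTP/1.1" 200 1532',
    '198.51.100.4 - - [10/Apr/2021:10:00:02 +0000] "GET /context/index.html HTTP/1.1" 200 812',
    '192.0.2.9 - - [10/Apr/2021:10:00:03 +0000] "GET /context/WEB-INF/web.xml HTTP/1.1" 404 0',
    '198.51.100.4 - - [10/Apr/2021:10:00:04 +0000] "GET /context/v2.e/readme.txt?x=%2e HTTP/1.1" 200 90',
]

def classify(raw_target):
    """Return a finding label for a raw (undecoded) request target, or None."""
    path = raw_target.split("?", 1)[0]          # ignore the query string
    encoded_dot = False
    resolved = []
    for raw_seg in path.split("/"):
        seg = unquote(raw_seg)                  # decode one segment at a time
        if seg in (".", ".."):
            # Dot segment that was written with %2e rather than a literal '.'
            if "%2e" in raw_seg.lower():
                encoded_dot = True
            if seg == ".." and resolved:
                resolved.pop()
            continue
        if seg:
            resolved.append(seg)
    if not any(s.upper() == "WEB-INF" for s in resolved):
        return None
    return "encoded-dot-segment WEB-INF access" if encoded_dot else "WEB-INF access"

def scan(lines):
    """Return (client, target, status, label) for every flagged log line."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and (label := classify(m.group(2))):
            findings.append((m.group(1), m.group(2), int(m.group(3)), label))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A flagged entry with status 200 means the protected file was actually served and should be triaged first; a 404 means the container refused the request.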
Exploits (4)
This exploit demonstrates an information disclosure vulnerability in Jetty 9.4.37.v20210219 and 9.4.38.v20210224 by accessing the web.xml file via a path traversal attack using URL encoding.
The repository contains only a minimal README with a title and a brief description in Korean, indicating an analysis of CVE-2021-28164 but no actual exploit code or technical details.
The repository contains a Python script that scans for path traversal vulnerabilities in Eclipse Jetty by testing various encoded payloads. It checks for the presence of vulnerable paths but does not exploit them further.
This Metasploit module exploits a path traversal vulnerability in Jetty to disclose files in the WEB-INF directory by leveraging encoded URIs. It supports two CVEs (CVE-2021-28164 and CVE-2021-34429) and retrieves files like web.xml.
Nuclei Templates (1)
cpe:"cpe:2.3:a:eclipse:jetty"
References (25)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N