SB2023091440 - Multiple vulnerabilities in Eclipse Jetty
Published: September 14, 2023 Updated: October 12, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 vulnerabilities.
1) Improper Authorization (CVE-ID: CVE-2023-41900)
CWE-ID: CWE-285 - Improper Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an error in the revocation process. If a Jetty OpenIdAuthenticator uses the optional nested LoginService, and that LoginService decides to revoke an already authenticated user, then the current request will still treat the user as authenticated.
2) Input validation error (CVE-ID: CVE-2023-36479)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input in org.eclipse.jetty.servlets.CGI Servlet when quoting a command before its execution. A remote user can force the application to execute arbitrary file on the server and potentially compromise the system.
3) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2023-40167)
CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests when handling the "+" character passed via the HTTP/1 header field. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
Remediation
Install update from vendor's website.
References
- https://github.com/eclipse/jetty.project/security/advisories/GHSA-pwh8-58vv-vw48
- https://github.com/jetty/jetty.project/security/advisories/GHSA-pwh8-58vv-vw48
- https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j
- https://github.com/jetty/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j
- https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6
- https://github.com/jetty/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6