Описание
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in version 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2.
A flaw was found in Jetty's CGI servlet which permits incorrect command execution in specific circumstances such as requests with certain characters in requested filenames. This issue could allow an attacker to run permitted commands other than the one requested.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Serverless | org.kie.kogito-kogito-apps | Fix deferred | ||
| Red Hat AMQ Broker 7 | jetty-servlets | Not affected | ||
| Red Hat Enterprise Linux 7 | jetty | Out of support scope | ||
| Red Hat Enterprise Linux 8 | jetty | Not affected | ||
| Red Hat Enterprise Linux 9 | jetty | Fix deferred | ||
| Red Hat JBoss A-MQ 6 | jetty-servlets | Out of support scope | ||
| Red Hat JBoss Enterprise Application Platform 7 | jetty | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 8 | jetty | Not affected | ||
| Red Hat JBoss Enterprise Application Platform Expansion Pack | jetty | Not affected | ||
| Red Hat JBoss Fuse 6 | jetty-servlets | Out of support scope |
Показывать по
Дополнительная информация
Статус:
EPSS
3.5 Low
CVSS3
Связанные уязвимости
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in version 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2.
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in version 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2.
Eclipse Jetty Canonical Repository is the canonical repository for the ...
Jetty vulnerable to errant command quoting in CGI Servlet
Уязвимость контейнера сервлетов Eclipse Jetty, связанная с неправильной нейтрализацией синтаксиса цитирования, позволяющая нарушителю выполнить произвольный код
EPSS
3.5 Low
CVSS3