Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.AL2_ALAS-2024-2460.NASL
HistoryFeb 19, 2024 - 12:00 a.m.

Amazon Linux 2 : jetty (ALAS-2024-2460)

2024-02-1900:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
amazon linux 2
jetty
vulnerability
http/1 header
patch
cve-2023-40167
nessus
scanner

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

25.6%

JSON

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2460 advisory.

  • Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the + character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario. (CVE-2023-40167)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALAS-2024-2460.
##

include('compat.inc');

if (description)
{
  script_id(190690);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/19");

  script_cve_id("CVE-2023-40167");

  script_name(english:"Amazon Linux 2 : jetty (ALAS-2024-2460)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2460 advisory.

  - Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and
    12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This
    is more permissive than allowed by the RFC and other servers routinely reject such requests with 400
    responses. There is no known exploit scenario, but it is conceivable that request smuggling could result
    if jetty is used in combination with a server that does not close the connection after sending such a 400
    response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no
    workaround as there is no known exploit scenario. (CVE-2023-40167)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2024-2460.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2023-40167.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update jetty' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-40167");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/09/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/02/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/02/19");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jetty-annotations");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jetty-ant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jetty-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jetty-continuation");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jetty-deploy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jetty-http");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jetty-io");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jetty-jaas");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jetty-jaspi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jetty-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jetty-jmx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jetty-jndi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jetty-jsp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jetty-jspc-maven-plugin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jetty-maven-plugin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jetty-monitor");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jetty-plus");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jetty-project");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jetty-proxy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jetty-rewrite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jetty-runner");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jetty-security");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jetty-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jetty-servlet");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jetty-servlets");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jetty-start");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jetty-util");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jetty-util-ajax");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jetty-webapp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jetty-websocket-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jetty-websocket-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jetty-websocket-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jetty-websocket-parent");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jetty-websocket-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jetty-websocket-servlet");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jetty-xml");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var pkgs = [
    {'reference':'jetty-annotations-9.0.3-8.amzn2.0.3', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'jetty-ant-9.0.3-8.amzn2.0.3', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'jetty-client-9.0.3-8.amzn2.0.3', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'jetty-continuation-9.0.3-8.amzn2.0.3', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'jetty-deploy-9.0.3-8.amzn2.0.3', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'jetty-http-9.0.3-8.amzn2.0.3', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'jetty-io-9.0.3-8.amzn2.0.3', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'jetty-jaas-9.0.3-8.amzn2.0.3', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'jetty-jaspi-9.0.3-8.amzn2.0.3', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'jetty-javadoc-9.0.3-8.amzn2.0.3', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'jetty-jmx-9.0.3-8.amzn2.0.3', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'jetty-jndi-9.0.3-8.amzn2.0.3', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'jetty-jsp-9.0.3-8.amzn2.0.3', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'jetty-jspc-maven-plugin-9.0.3-8.amzn2.0.3', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'jetty-maven-plugin-9.0.3-8.amzn2.0.3', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'jetty-monitor-9.0.3-8.amzn2.0.3', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'jetty-plus-9.0.3-8.amzn2.0.3', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'jetty-project-9.0.3-8.amzn2.0.3', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'jetty-proxy-9.0.3-8.amzn2.0.3', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'jetty-rewrite-9.0.3-8.amzn2.0.3', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'jetty-runner-9.0.3-8.amzn2.0.3', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'jetty-security-9.0.3-8.amzn2.0.3', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'jetty-server-9.0.3-8.amzn2.0.3', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'jetty-servlet-9.0.3-8.amzn2.0.3', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'jetty-servlets-9.0.3-8.amzn2.0.3', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'jetty-start-9.0.3-8.amzn2.0.3', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'jetty-util-9.0.3-8.amzn2.0.3', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'jetty-util-ajax-9.0.3-8.amzn2.0.3', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'jetty-webapp-9.0.3-8.amzn2.0.3', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'jetty-websocket-api-9.0.3-8.amzn2.0.3', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'jetty-websocket-client-9.0.3-8.amzn2.0.3', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'jetty-websocket-common-9.0.3-8.amzn2.0.3', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'jetty-websocket-parent-9.0.3-8.amzn2.0.3', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'jetty-websocket-server-9.0.3-8.amzn2.0.3', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'jetty-websocket-servlet-9.0.3-8.amzn2.0.3', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'jetty-xml-9.0.3-8.amzn2.0.3', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "jetty-annotations / jetty-ant / jetty-client / etc");
}
VendorProductVersionCPE
amazonlinuxjetty-annotationsp-cpe:/a:amazon:linux:jetty-annotations
amazonlinuxjetty-antp-cpe:/a:amazon:linux:jetty-ant
amazonlinuxjetty-clientp-cpe:/a:amazon:linux:jetty-client
amazonlinuxjetty-continuationp-cpe:/a:amazon:linux:jetty-continuation
amazonlinuxjetty-deployp-cpe:/a:amazon:linux:jetty-deploy
amazonlinuxjetty-httpp-cpe:/a:amazon:linux:jetty-http
amazonlinuxjetty-iop-cpe:/a:amazon:linux:jetty-io
amazonlinuxjetty-jaasp-cpe:/a:amazon:linux:jetty-jaas
amazonlinuxjetty-jaspip-cpe:/a:amazon:linux:jetty-jaspi
amazonlinuxjetty-javadocp-cpe:/a:amazon:linux:jetty-javadoc
Rows per page:
1-10 of 371

Related

osv 4
amazon 1
ibm 38
openvas 6
debiancve 1
nvd 1
github 1
prion 1
cgr 1
cvelist 1
redhatcve 1
ubuntucve 1
cve 1
veracode 1
wolfi 1
redhat 10
redos 1
debian 2
nessus 9
oracle 3
osv
osv
CVE-2023-40167
2023-09-15 20:15:09
Jetty accepts "+" prefixed value in Content-Length
2023-09-14 16:17:27
jetty9 - security update
2023-09-30 00:00:00
amazon
amazon
Medium: jetty
2024-02-15 03:52:00
ibm
ibm
Security Bulletin: Vulnerability in jetty-http affects IBM Cloud Pak for Data System 1.0(CPDS 1.0)[CVE-2023-40167].
2024-02-09 09:07:00
Security Bulletin: Vulnerability in jetty-http affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-40167]
2024-03-05 11:45:26
Security Bulletin: IBM Event Streams is vulnerable to HTTP request smuggling (CVE-2023-40167)
2024-03-15 06:17:49
openvas
openvas
Eclipse Jetty HTTP Header Vulnerability (GHSA-hmr7-m48g-48f6) - Linux
2023-09-19 00:00:00
Eclipse Jetty HTTP Header Vulnerability (GHSA-hmr7-m48g-48f6) - Windows
2023-09-19 00:00:00
Debian: Security Advisory (DLA-3592-1)
2023-10-02 00:00:00
debiancve
debiancve
CVE-2023-40167
2023-09-15 20:15:09
nvd
nvd
CVE-2023-40167
2023-09-15 20:15:09
github
github
Jetty accepts "+" prefixed value in Content-Length
2023-09-14 16:17:27
prion
prion
Design/Logic Flaw
2023-09-15 20:15:00
cgr
cgr
CVE-2023-40167 vulnerabilities
2024-05-19 03:07:16
cvelist
cvelist
CVE-2023-40167 Jetty accepts "+" prefixed value in Content-Length
2023-09-15 19:37:37
redhatcve
redhatcve
CVE-2023-40167
2023-09-22 20:25:01
ubuntucve
ubuntucve
CVE-2023-40167
2023-09-15 00:00:00
cve
cve
CVE-2023-40167
2023-09-15 20:15:09
veracode
veracode
HTTP Request Smuggling
2023-09-20 09:06:57
wolfi
wolfi
CVE-2023-40167 vulnerabilities
2024-06-11 21:08:03
redhat
redhat
(RHSA-2023:5780) Important: Red Hat Integration Camel Extensions for Quarkus 2.13.3 security update
2023-10-17 11:41:34
(RHSA-2023:5946) Important: Red Hat AMQ Broker 7.11.3 release and security update
2023-10-19 18:59:57
(RHSA-2023:5441) Moderate: Red Hat Integration Camel for Spring Boot 4.0.0 release and security update
2023-10-04 11:28:46
redos
redos
ROS-20240409-12
2024-04-09 00:00:00
debian
debian
[SECURITY] [DLA 3592-1] jetty9 security update
2023-09-30 12:36:17
[SECURITY] [DSA 5507-1] jetty9 security update
2023-09-28 22:37:26
nessus
nessus
Debian DLA-3592-1 : jetty9 - LTS security update
2023-10-01 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : jetty-minimal (SUSE-SU-2023:4210-1)
2023-10-27 00:00:00
Debian DSA-5507-1 : jetty9 - security update
2023-09-29 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

25.6%

JSON
Related for AL2_ALAS-2024-2460.NASL
osv4amazon1ibm38openvas6debiancve1nvd1github1prion1cgr1cvelist1redhatcve1ubuntucve1cve1veracode1wolfi1redhat10redos1debian2nessus9oracle3