Improper Handling of Length Parameter Inconsistency Affecting org.eclipse.jetty:jetty-http package, versions [9.0.0.M0,9.4.52.v20230823) [10.0.0,10.0.16) [11.0.0,11.0.16) [12.0.0,12.0.1)
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-ORGECLIPSEJETTY-5902998
- published 15 Sep 2023
- disclosed 14 Sep 2023
- credit Keran Mu, Jianjun Chen
Introduced: 14 Sep 2023
CVE-2023-40167 Open this link in a new tabHow to fix?
Upgrade org.eclipse.jetty:jetty-http to version 9.4.52.v20230823, 10.0.16, 11.0.16, 12.0.1 or higher.
Overview
org.eclipse.jetty:jetty-http is an is a http module for jetty server.
Affected versions of this package are vulnerable to Improper Handling of Length Parameter Inconsistency via the HttpParser.java component due to accepting the + character proceeding the content-length value in a HTTP/1 header field. An attacker can use jetty in combination with a server that does not close the connection after rejecting such request and after sending a 400 response. This could result in request smuggling.
PoC
POST / HTTP/1.1
Host: a.com
Content-Length: +16
Connection: close
0123456789abcdef