Jetty HttpURI Authority Validation Flaw Enables Open Redirect/SSRF
CVE-2024-6763 Published on October 14, 2024

Jetty URI parsing of invalid authority
Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However, the behaviour of HttpURI differs from that of common browsers in how it handles a URI that would be considered invalid if fully validated against the RFC. Specifically, HttpURI and the browser may differ on the value of the host extracted from an invalid URI, so the combination of Jetty and a vulnerable browser may be vulnerable to an open redirect attack or to an SSRF attack if the URI is used after passing validation checks.
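Because two parsers can read different hosts out of an authority that is not fully RFC-valid, the defensive approach before using a caller-supplied URI for a redirect or a server-side fetch is to accept only authorities that have a single possible reading and then check that host against an allowlist. The class below is an added example, not code from Jetty or from the vulnerability report; the class name and the allowlisted host names are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example, not Jetty code: accept a redirect target only when its authority has one possible reading. */
public final class StrictRedirectTarget {
    // Unambiguous authority: DNS-style host labels plus an optional decimal port. No userinfo ("user@host"),
    // no IP literals, no percent-encoding, no backslashes: input outside this subset is rejected, not interpreted.
    private static final Pattern SAFE_AUTHORITY = Pattern.compile(
        "^(?<host>[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?(?:\\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*)"
        + "(?::(?<port>[0-9]{1,5}))?$", Pattern.CASE_INSENSITIVE);

    // Hypothetical allowlist of hosts this application may redirect to.
    private static final Set<String> ALLOWED_HOSTS = Set.of("app.example.com", "login.example.com");

    /** True only if the target is safe to place in a Location header or to fetch server-side. */
    public static boolean isAllowedRedirect(String target) {
        URI uri;
        try {
            uri = new URI(target);
        } catch (URISyntaxException e) {
            return false;   // java.net.URI already rejects many malformed inputs
        }
        if (!uri.isAbsolute() || uri.getRawAuthority() == null) {
            return false;   // relative or authority-less targets are out of scope here
        }
        if (!"http".equalsIgnoreCase(uri.getScheme()) && !"https".equalsIgnoreCase(uri.getScheme())) {
            return false;
        }
        // Validate the RAW authority rather than trusting the host the parser derived from it:
        // the flaw is precisely that parsers derive different hosts from ambiguous input.
        Matcher m = SAFE_AUTHORITY.matcher(uri.getRawAuthority());
        if (!m.matches()) {
            return false;
        }
        String host = m.group("host");
        // Cross-check: the parser's own host must agree with the regex's reading.
        if (uri.getHost() == null || !uri.getHost().equalsIgnoreCase(host)) {
            return false;
        }
        return ALLOWED_HOSTS.stream().anyMatch(host::equalsIgnoreCase);
    }

    public static void main(String[] args) {
        for (String t : new String[] {"https://app.example.com/home", "https://login.example.com:8443/start",
                "https://app.example.com@other.example/", "https://other.example/"}) {
            System.out.println(t + " -> " + isAllowedRedirect(t));
        }
    }
}
```

Only the first two sample targets pass: the third is refused because userinfo makes the host ambiguous, the fourth because its host is not allowlisted.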


Vulnerability Analysis

CVE-2024-6763 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a high level of attack complexity. A public proof of concept (POC) exploit exists for CVE-2024-6763. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, no impact on integrity, and no impact on availability.

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE

Weakness Type

Improper Validation of Syntactic Correctness of Input

The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.


Products Associated with CVE-2024-6763


Affected Versions

Eclipse Foundation Jetty: eclipse jetty:

Vulnerable Packages

The following package name and versions may be associated with CVE-2024-6763.

Package Manager   Vulnerable Package             Versions               Fixed In
maven             org.eclipse.jetty:jetty-http   >= 7.0.0, <= 12.0.11   12.0.12

Exploit Probability

EPSS: 1.02%
Percentile: 76.88%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.