Description
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.
Remediation
References
Related Vulnerabilities
WordPress Improper Privilege Management Vulnerability (CVE-2020-28035)
Oracle JRE CVE-2017-10293 Vulnerability (CVE-2017-10293)
PrestaShop Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-25170)
WordPress Plugin Broken Link Checker Cross-Site Scripting (1.11.19)
Jetty Integer Overflow or Wraparound Vulnerability (CVE-2023-36478)