@HouqiyuA
Last active November 11, 2025 06:04
PoC for Petstore Information Disclosure Vulnerability
[Description]:
An issue in petstore v1.0.7 allows a remote attacker to obtain sensitive information by requesting a non-existent endpoint, /cart. The server returns a 404 error page that exposes sensitive information, including the Servlet name (default) and the server version.
[Vulnerability Type]:
Information Disclosure Vulnerability
[Vendor of Product]:
https://github.com/swagger-api/swagger-petstore
[Affected Product Code Base]:
petstore - v1.0.7
[Affected Component]:
The vulnerability affects Jetty 9.4.53.v20231009 for Petstore v1.0.7 and discloses the Servlet name and server version, which could be used for vulnerability probing.
[Attack Vectors]:
1. The attacker sends a GET request to the /carts endpoint of Petstore v1.0.7.
2. The server returns a 404-error page that exposes sensitive information such as the Jetty version and default Servlet name.
3. The attacker can use this information for information gathering, e.g., identifying the backend technology stack and inferring the framework or middleware used.
4. If the specific Jetty version is known to be vulnerable, the attacker may attempt vulnerability chaining attacks, such as deserialization or directory traversal exploits.
[PoC]:
https://gist.github.com/HouqiyuA/3c36f78e8de9f6a3cfb0959477c07443
[Reference]:
https://petstore3.swagger.io/#/pet/updatePet
https://github.com/swagger-api/swagger-petstore
[CVE]:
CVE-2025-29157
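
A defender-side check for the disclosure described above, as an added example that is not part of the original gist: it audits a raw 404 response for the version and Servlet-name leaks and can be used to confirm that a hardened deployment no longer emits them. The function name, the finding names and both sample responses are constructed for illustration; the HTML layout of the error page is an assumption, and only the version string, path and Servlet name come from this page.

```python
import re

# Constructed sample (not captured traffic): a 404 response shaped like the one the
# advisory describes. The HTML layout is an assumption; the version string, the
# /carts path and the "default" servlet name are the values given on this page.
SAMPLE_LEAKY = (
    "HTTP/1.1 404 Not Found\r\n"
    "Server: Jetty(9.4.53.v20231009)\r\n"
    "\r\n"
    "<html><head><title>Error 404 Not Found</title></head>\n"
    "<body><h2>HTTP ERROR 404 Not Found</h2>\n"
    "<table>\n"
    "<tr><th>URI:</th><td>/carts</td></tr>\n"
    "<tr><th>SERVLET:</th><td>default</td></tr>\n"
    "</table>\n"
    '<hr/><a href="https://eclipse.org/jetty">Powered by Jetty:// 9.4.53.v20231009</a><hr/>\n'
    "</body></html>\n"
)
# Constructed sample of the desired state: generic body, no Server header.
SAMPLE_HARDENED = (
    "HTTP/1.1 404 Not Found\r\n"
    "Content-Type: application/json\r\n"
    "\r\n"
    '{"code":404,"message":"Not Found"}\n'
)

VERSION = r"\d+\.\d+\.\d+[\w.\-]*"  # e.g. 9.4.53.v20231009

def audit_error_response(raw: str) -> dict:
    """Return {finding_name: leaked_value} for one raw HTTP error response."""
    head, _, body = raw.partition("\r\n\r\n")
    findings = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        match = re.search(VERSION, value)
        if name.strip().lower() == "server" and match:
            findings["server_header_version"] = match.group(0)
    match = re.search(r"Powered by Jetty://\s*(" + VERSION + ")", body)
    if match:
        findings["error_page_version"] = match.group(1)
    match = re.search(r"SERVLET:</th>\s*<td>([^<]*)</td>", body, re.I)
    if match:
        findings["servlet_name"] = match.group(1).strip()
    return findings

if __name__ == "__main__":
    for label, raw in (("leaky", SAMPLE_LEAKY), ("hardened", SAMPLE_HARDENED)):
        print(label, audit_error_response(raw) or "no disclosure found")
```

An empty result for every error path exercised in a regression test is the pass condition; any non-empty result names the field that still leaks.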