nuclei-templates/misconfiguration/java-melody-exposed.yaml

id: java-melody-exposed

info:
  name: JavaMelody Monitoring Exposed
  author: dhiyaneshDK
  severity: medium
  description: JavaMelody is a tool used to monitor Java or Java EE applications in QA and production environments. JavaMelody was detected on this web application. One option in the dashboard is to “View http sessions”. This can be used by an attacker to steal a user’s session.
  reference: |
    - https://www.acunetix.com/vulnerabilities/web/javamelody-publicly-accessible/
    - https://github.com/javamelody/javamelody/wiki/UserGuide#16-security
  tags: config,jira,confluence,bamboo,atlassian

requests:
  - method: GET
    path:
      - '{{BaseURL}}/monitoring'
      - '{{BaseURL}}/..%3B/monitoring'

    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'Monitoring JavaMelody on'
      - type: status
        status:
          - 200
-												Create java-melody-exposed.yaml
											
										
										
											2021-02-24 06:35:37 +00:00
+								id: java-melody-exposed
 								info:
 								  name: JavaMelody Monitoring Exposed
 								  author: dhiyaneshDK
-												misc changes

											
										
										
											2021-02-24 17:25:41 +00:00
+								  severity: medium
-												Update java-melody-exposed.yaml

Fix trailing whitespace
											
										
										
											2021-04-14 16:19:31 +00:00
+								  description: JavaMelody is a tool used to monitor Java or Java EE applications in QA and production environments. JavaMelody was detected on this web application. One option in the dashboard is to “View http sessions”. This can be used by an attacker to steal a user’s session.
-												Update java-melody-exposed.yaml

Add description, references and tags
											
										
										
											2021-04-14 16:15:35 +00:00
+								  reference: |
 								    - https://www.acunetix.com/vulnerabilities/web/javamelody-publicly-accessible/
 								    - https://github.com/javamelody/javamelody/wiki/UserGuide#16-security
 								  tags: config,jira,confluence,bamboo,atlassian
-												Create java-melody-exposed.yaml
											
										
										
											2021-02-24 06:35:37 +00:00
 								requests:
 								  - method: GET
 								    path:
 								      - '{{BaseURL}}/monitoring'
 								      - '{{BaseURL}}/..%3B/monitoring'
-												misc changes

											
										
										
											2021-02-24 17:25:41 +00:00
+								    matchers-condition: and
-												Create java-melody-exposed.yaml
											
										
										
											2021-02-24 06:35:37 +00:00
+								    matchers:
 								      - type: word
 								        words:
 								          - 'Monitoring JavaMelody on'
-												misc changes

											
										
										
											2021-02-24 17:25:41 +00:00
+								      - type: status
 								        status:
-												Update java-melody-exposed.yaml

Add description, references and tags
											
										
										
											2021-04-14 16:15:35 +00:00
+								          - 200