daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update java-melody-exposed.yaml 

Add description, references and tags
patch-1
Techbrunch 2021-04-14 18:15:35 +02:00 committed by GitHub
parent 5aa52a1760
commit 70fa457a16
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
misconfiguration/java-melody-exposed.yaml
View File

@ -4,7 +4,11 @@ info:
name: JavaMelody Monitoring Exposed
author: dhiyaneshDK
severity: medium
tags: config
description: JavaMelody is a tool used to monitor Java or Java EE applications in QA and production environments. JavaMelody was detected on this web application. One option in the dashboard is to “View http sessions”. This can be used by an attacker to steal a users session.
reference: |
- https://www.acunetix.com/vulnerabilities/web/javamelody-publicly-accessible/
- https://github.com/javamelody/javamelody/wiki/UserGuide#16-security
tags: config,jira,confluence,bamboo,atlassian
requests:
- method: GET
@ -19,4 +23,4 @@ requests:
- 'Monitoring JavaMelody on'
- type: status
status:
- 200
- 200