id: jolokia-info-disclosure

info:
  name: Jolokia - Information disclosure
  author: pussycat0x
  severity: medium
  description: Jolokia - Information is exposed.
  reference:
    - https://thinkloveshare.com/hacking/ssrf_to_rce_with_jolokia_and_mbeans/
    - https://github.com/laluka/jolokia-exploitation-toolkit
  metadata:
    max-request: 16
  tags: jolokia,springboot,mbean,tomcat,misconfig

http:
  - method: GET
    path:
      - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationName"
      - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationVendor"
      - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationVersion"
      - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/MBeanServerId"
      - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationName"
      - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationVendor"
      - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationVersion"
      - "{{BaseURL}}/actuator/jolokia/read/java.lang:type=Memory"
      - "{{BaseURL}}/jolokia/read/java.lang:type=Memory"
      - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationName"
      - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationVendor"
      - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationVersion"
      - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/MBeanServerId"
      - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationName"
      - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationVendor"
      - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationVersion"

    matchers-condition: or
    matchers:
      - type: word
        name: memory
        words:
          - '"mbean":"java.lang:type=Memory"'

      - type: word
        name: implementation-vendor
        words:
          - '"attribute":"ImplementationVendor"'

      - type: word
        name: implementation-version
        words:
          - '"attribute":"ImplementationVersion"'

      - type: word
        name: implementation-name
        words:
          - '"attribute":"ImplementationName"'

      - type: word
        name: specification-vendor
        words:
          - '"attribute":"SpecificationVendor"'

      - type: word
        name: mbean-serverid
        words:
          - '"attribute":"MBeanServerId"'

      - type: word
        name: specification-name
        words:
          - '"attribute":"SpecificationName"'

      - type: word
        name: specification-version
        words:
          - '"attribute":"SpecificationVersion'
# digest: 4a0a0047304502207984bf6600398a0c8338aa2a4956522136a6622c2a965d06c8d1aaf27b6b61b0022100a268e04e524bc184772b97a9486cdaea3d0284a2e621f37b339c5cd27a938723:922c64590222798bb761d5b6d8e72950