id: jkstatus-manager info: name: JK Status Manager - Detect author: pdteam,DhiyaneshDk severity: low description: | Exposed JKStatus manager which is a web-based tool that allows administrators to monitor and manage the connections between the Apache HTTP Server and the Tomcat application server. reference: - https://github.com/PortSwigger/j2ee-scan/blob/master/src/main/java/burp/j2ee/issues/impl/JKStatus.java metadata: verified: true max-request: 8 shodan-query: html:"JK Status Manager" tags: config,jk,status,exposure http: - method: GET headers: X-Forwarded-For: "127.0.0.1" path: - "{{BaseURL}}" - "{{BaseURL}}/status" - "{{BaseURL}}/jkstatus" - "{{BaseURL}}/jkstatus-auth" - "{{BaseURL}}/jk-status" - "{{BaseURL}}/jkmanager" - "{{BaseURL}}/jkmanager-auth" - "{{BaseURL}}/jdkstatus" stop-at-first-match: true matchers: - type: word words: - "JK Status Manager" # digest: 4b0a00483046022100fb9a49e044929222a0a7bf7e45d32dc24c142324f769a1d53e1c7d698dd834ea022100bd3066f986a2ae6536450a05092b8164e0c0d241af46bfafbecdf12c3f709900:922c64590222798bb761d5b6d8e72950