id: jkstatus-manager info: name: JK Status Manager - Detect author: pdteam,DhiyaneshDk severity: low description: | Exposed JKStatus manager which is a web-based tool that allows administrators to monitor and manage the connections between the Apache HTTP Server and the Tomcat application server. reference: - https://github.com/PortSwigger/j2ee-scan/blob/master/src/main/java/burp/j2ee/issues/impl/JKStatus.java classification: cpe: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* metadata: verified: true max-request: 8 vendor: apache product: tomcat shodan-query: html:"JK Status Manager" tags: config,jk,status,exposure http: - method: GET headers: X-Forwarded-For: "127.0.0.1" path: - "{{BaseURL}}" - "{{BaseURL}}/status" - "{{BaseURL}}/jkstatus" - "{{BaseURL}}/jkstatus-auth" - "{{BaseURL}}/jk-status" - "{{BaseURL}}/jkmanager" - "{{BaseURL}}/jkmanager-auth" - "{{BaseURL}}/jdkstatus" stop-at-first-match: true matchers: - type: word words: - "JK Status Manager" # digest: 490a0046304402205bc0be4fe64354ab625e609d9b1de733811c19aee5c839064f3ee13fe5f1a9d702206e4a116fd9cd36ff0920b8589a6fdbb374ed0d8537cfeaf33faf2e63d21f1d3a:922c64590222798bb761d5b6d8e72950