nuclei-templates/http/exposures/configs/jkstatus-manager.yaml

id: jkstatus-manager

info:
  name: JK Status Manager - Detect
  author: pdteam,DhiyaneshDk
  severity: low
  description: |
    Exposed JKStatus manager which is a web-based tool that allows administrators to monitor and manage the connections between the Apache HTTP Server and the Tomcat application server.    
  reference:
    - https://github.com/PortSwigger/j2ee-scan/blob/master/src/main/java/burp/j2ee/issues/impl/JKStatus.java
  classification:
    cpe: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 8
    vendor: apache
    product: tomcat
    shodan-query: html:"JK Status Manager"
  tags: config,jk,status,exposure

http:
  - method: GET

    headers:
      X-Forwarded-For: "127.0.0.1"
    path:
      - "{{BaseURL}}"
      - "{{BaseURL}}/status"
      - "{{BaseURL}}/jkstatus"
      - "{{BaseURL}}/jkstatus-auth"
      - "{{BaseURL}}/jk-status"
      - "{{BaseURL}}/jkmanager"
      - "{{BaseURL}}/jkmanager-auth"
      - "{{BaseURL}}/jdkstatus"

    stop-at-first-match: true
    matchers:
      - type: word
        words:
          - "JK Status Manager"
# digest: 4a0a00473045022100aac9605ef93d7a5ddc413542c841e5cf56e3dddaa37d975ac01dcc8036114bf602206f4219fea126234482022af47159d0ab79433dbbd7647b750a13593ed3627eb7:922c64590222798bb761d5b6d8e72950