Skip to content
Nuclei Templates

JBoss WS JUDDI Console Panel - Detect

ID: jboss-juddi-panel

Severity: info

Author: DhiyaneshDk

Tags: panel,jboss,juddi,redhat

Description

Section titled “Description”

The jUDDI (Java Universal Description, Discovery and Integration) Registry is a core component of the JBoss Enterprise SOA Platform. It is the product’s default service registry and comes included as part of the product. In it are stored the addresses (end-point references) of all the services connected to the Enterprise Service Bus. It was implemented in JAXR and conforms to the UDDI specifications.

YAML Source

Section titled “YAML Source”
id: jboss-juddi-panel


info:
  name: JBoss WS JUDDI Console Panel - Detect
  author: DhiyaneshDk
  severity: info
  description: |
    The jUDDI (Java Universal Description, Discovery and Integration) Registry is a core component of the JBoss Enterprise SOA Platform. It is the product's default service registry and comes included as part of the product. In it are stored the addresses (end-point references) of all the services connected to the Enterprise Service Bus. It was implemented in JAXR and conforms to the UDDI specifications.
  remediation: Restrict access to the service if not needed.
  reference:
    - https://github.com/ilmila/J2EEScan/blob/master/src/main/java/burp/j2ee/issues/impl/JBossJuddi.java
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cwe-id: CWE-200
    cpe: cpe:2.3:a:redhat:jboss_enterprise_web_platform:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: redhat
    product: jboss_enterprise_web_platform
    shodan-query:
      - html:"JBoss WS"
      - http.html:"jboss ws"
    fofa-query: body="jboss ws"
  tags: panel,jboss,juddi,redhat


http:
  - method: GET
    path:
      - "{{BaseURL}}"
      - "{{BaseURL}}/juddi/"


    stop-at-first-match: true


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "JBoss JUDDI"


      - type: word
        part: header
        words:
          - "text/html"


      - type: status
        status:
          - 200
# digest: 4a0a0047304502200cabed9186fe5b614a6183765d856efa935eb59148ff97e5709b100fec88eb85022100c8980db211f533628618e8dc6e9b4e954a9be9e7bd43e9fb4707c6ab665254c5:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/exposed-panels/jboss/jboss-juddi.yaml"

View on Github