JK Status Manager - Detect
ID: jkstatus-manager
Severity: low
Author: pdteam,DhiyaneshDk
Tags: config,jk,status,exposure
Description
Section titled “Description”Exposed JKStatus manager which is a web-based tool that allows administrators to monitor and manage the connections between the Apache HTTP Server and the Tomcat application server.
YAML Source
Section titled “YAML Source”id: jkstatus-manager
info: name: JK Status Manager - Detect author: pdteam,DhiyaneshDk severity: low description: | Exposed JKStatus manager which is a web-based tool that allows administrators to monitor and manage the connections between the Apache HTTP Server and the Tomcat application server. reference: - https://github.com/PortSwigger/j2ee-scan/blob/master/src/main/java/burp/j2ee/issues/impl/JKStatus.java classification: cpe: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* metadata: verified: true max-request: 8 vendor: apache product: tomcat shodan-query: html:"JK Status Manager" tags: config,jk,status,exposure
http: - method: GET
headers: X-Forwarded-For: "127.0.0.1" path: - "{{BaseURL}}" - "{{BaseURL}}/status" - "{{BaseURL}}/jkstatus" - "{{BaseURL}}/jkstatus-auth" - "{{BaseURL}}/jk-status" - "{{BaseURL}}/jkmanager" - "{{BaseURL}}/jkmanager-auth" - "{{BaseURL}}/jdkstatus"
stop-at-first-match: true matchers: - type: word words: - "JK Status Manager"# digest: 4a0a00473045022041ca461f1fef79385869eb38985ccffd030163e7ed731689ac574231a3aa5bfb022100cf954c0586561b63f7a57ea99cc220fe1842fb65909e9a682e3dec7fc88c8746:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/exposures/configs/jkstatus-manager.yaml"