JBoss Web Service Console - Detect
ID: jboss-web-service
Severity: low
Author: DhiyaneshDK
Tags: jboss,misconfig
Description
Section titled “Description”The JBoss Web Service console discloses the details of the remote system, The console displays all the web services and exposed by the system leading to a potential information disclosure.
YAML Source
Section titled “YAML Source”id: jboss-web-service
info: name: JBoss Web Service Console - Detect author: DhiyaneshDK severity: low description: | The JBoss Web Service console discloses the details of the remote system, The console displays all the web services and exposed by the system leading to a potential information disclosure. remediation: Restrict access to the ws service reference: - https://github.com/PortSwigger/j2ee-scan/blob/master/src/main/java/burp/j2ee/issues/impl/JBossWS.java metadata: verified: true max-request: 1 shodan-query: html:"JBossWS" tags: jboss,misconfig
http: - method: GET path: - '{{BaseURL}}/jbossws/services'
matchers-condition: and matchers: - type: word part: body words: - 'JBossWS/Services</div>' case-insensitive: true
- type: word part: body words: - 'no endpoints deployed' negative: true
- type: status status: - 200# digest: 4a0a0047304502205eb051e4076885b34995d81de3975c8ce77d7db08d87096fa061106439474186022100e97403bd2085a6cf899205fc0eceb7b3f37aca8919b487f34cef3ee54b7b37ee:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/misconfiguration/jboss-web-service.yaml"