.. / CVE-2018-1000130

Exploit for Jolokia Agent - JNDI Code Injection (CVE-2018-1000130)

Description:

Jolokia agent is vulnerable to a JNDI injection vulnerability that allows a remote attacker to run arbitrary Java code on the server when the agent is in proxy mode.

Nuclei Template

View the template here CVE-2018-1000130.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2018/CVE-2018-1000130.yaml

References:

https://jolokia.org/#Security_fixes_with_1.5.0
https://github.com/ARPSyndicate/cvemon
https://nvd.nist.gov/vuln/detail/CVE-2018-1000130
https://access.redhat.com/errata/RHSA-2018:2669
https://github.com/SexyBeast233/SecBooks

.. / CVE-2018-1000130 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Jolokia Agent - JNDI Code Injection (CVE-2018-1000130)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2018-1000130