漏洞描述
【漏洞对象】JavaMelody组件 【涉及版本】JavaMelody < 1.74.0 【漏洞描述】JavaMelody是一个用来对java应用进行监控的组件。通过该组件,用户可以以图表形式对内存,cpu,session,sql进行监控。由于其代码中的xml解析代码没有禁用外部实体解析,因此,很容易导致出现xxe漏洞。
SprintWeb的组件JavaMelody-XXE漏洞(CVE-2018-15531)
PoC代码
暂无相关漏洞推荐
-
CVE-2018-1000600: Pre-auth Fully-responded SSRF POC
2025-09-01 | Pre-authA exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier... -
CVE-2018-1000861: Jenkins 2.138 Remote Command Execution POC
2025-09-01 | JenkinsA code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier... -
CVE-2018-11759: Apache Tomcat JK Connect <=1.2.44 - Manager Access POC
2025-09-01 | Apache Tomcat JK ConnectThe Apache Web Server (httpd) specific code that normalised the requested path before matching it to... -
CVE-2018-11776: Apache Struts2 S2-057 - Remote Code Execution POC
2025-09-01 | Apache Struts2Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible remote code execution wh... -
CVE-2018-12634: CirCarLife Scada <4.3 - System Log Exposure POC
2025-09-01 | CirCarLife ScadaCirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct req...