漏洞描述
The JBoss Web Service console discloses the details of the remote system, The console displays all the web services and exposed by the system leading to a potential information disclosure.
jboss-web-service: JBoss Web Service Console - Detect
PoC代码[已公开]
id: jboss-web-service
info:
name: JBoss Web Service Console - Detect
author: DhiyaneshDK
severity: low
description: |
The JBoss Web Service console discloses the details of the remote system, The console displays all the web services and exposed by the system leading to a potential information disclosure.
remediation: Restrict access to the ws service
reference:
- https://github.com/PortSwigger/j2ee-scan/blob/master/src/main/java/burp/j2ee/issues/impl/JBossWS.java
metadata:
verified: true
max-request: 1
shodan-query: html:"JBossWS"
tags: jboss,misconfig,vuln
http:
- method: GET
path:
- '{{BaseURL}}/jbossws/services'
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'JBossWS/Services</div>'
case-insensitive: true
- type: word
part: body
words:
- 'no endpoints deployed'
negative: true
- type: status
status:
- 200
# digest: 490a004630440220336389f1e2293b8a77f0fde92209d8b288654ce855c494ed95bf06ac26ea26f702203f65c4797a59cfe6ed91ec7fbae6fadd7fd098dc2eba678c22b0faadc0e6e938:922c64590222798bb761d5b6d8e72950