jolokia-acceslogvalve-rce: Jolokia write to RCE valve

Date: 2025-08-01 | Affected software: jolokia | PoC: public

Vulnerability description

RCE in Jolokia < 1.7.1 using AccessLogValve

PoC code [public]

id: jolokia-acceslogvalve-rce

info:
  name: Jolokia write to RCE valve
  author: pathtaga
  severity: critical
  description: RCE in Jolokia < 1.7.1 using AccesLogValve
  tags: jolokia,rce,vuln
  reference:
    - https://github.com/laluka/jolokia-exploitation-toolkit
    - https://therealcoiffeur.github.io/c11011

http:
  - method: GET
    path:
      - "{{BaseURL}}/jolokia/list"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        part: body
        words:
          - "\"host=localhost,name=AccessLogValve,type=Valve\""
# digest: 4a0a004730450221009b01a9f238075fe1ecbea57bb185a7a84605840acbc6bf34695b86dbed7c91db022065a20421ef4b689ea8bc3ccbde1f4a9d36ffe4d72976da670bb195321145e680:922c64590222798bb761d5b6d8e72950
