JavaMelody Monitoring Exposed

By kannthu

Severity: Medium
Vidoc Module
Tags: #config #java #javamelody
Description

What is "JavaMelody Monitoring Exposed"?

The "JavaMelody Monitoring Exposed" module detects the presence of JavaMelody, a monitoring tool for Java and Java EE applications in QA and production environments, on web applications that have its monitoring page enabled and reachable. Note that this module identifies a misconfiguration rather than a vulnerability. The severity of this module is classified as medium.

Impact

If JavaMelody monitoring is exposed, it can give unauthorized users access to sensitive information about the application's performance and usage. This breaches confidentiality and compromises the security of the application.

How does the module work?

The "JavaMelody Monitoring Exposed" module works by sending HTTP requests to specific paths, such as "/monitoring" and "/..%3B/monitoring". It then applies matching conditions to determine if the JavaMelody monitoring page is accessible. The matching conditions include checking for the presence of the phrase "Monitoring JavaMelody on" in the response and verifying that the HTTP status code is 200.

Here is an example of an HTTP request sent by the module:

GET /monitoring

The module checks if the response contains the phrase "Monitoring JavaMelody on" and if the HTTP status code is 200. If both conditions are met, the module identifies that the JavaMelody monitoring page is exposed.
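The matching logic described above, written out as an added Python example that is not part of the Vidoc module itself: the request paths and both conditions are taken from this page, while the sample responses and the `fake_fetch` stand-in are constructed so the check runs offline.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Paths and matching conditions as listed on the module page.
MONITORING_PATHS = ["/monitoring", "/..%3B/monitoring"]
MATCH_WORD = "Monitoring JavaMelody on"
MATCH_STATUS = 200


@dataclass(frozen=True)
class Finding:
    path: str
    status: int
    excerpt: str


def matches(status: int, body: str) -> bool:
    """Apply the module's matcher: the word AND the status condition must both hold."""
    return status == MATCH_STATUS and MATCH_WORD in body


def scan(fetch: Callable[[str], Tuple[int, str]]) -> List[Finding]:
    """Request each path through `fetch` (path -> (status, body)) and collect matches."""
    findings = []
    for path in MONITORING_PATHS:
        status, body = fetch(path)
        if matches(status, body):
            start = body.index(MATCH_WORD)
            findings.append(Finding(path, status, body[start:start + 40]))
    return findings


# Constructed sample responses (hypothetical, not captured from any real host):
# the first path returns the JavaMelody report page, the second does not exist.
SAMPLE_RESPONSES: Dict[str, Tuple[int, str]] = {
    "/monitoring": (200, "<html><title>Monitoring JavaMelody on app-server-01</title></html>"),
    "/..%3B/monitoring": (404, "<html><body>Not Found</body></html>"),
}


def fake_fetch(path: str) -> Tuple[int, str]:
    """Stand-in for an HTTP client so the example runs without network access."""
    return SAMPLE_RESPONSES.get(path, (404, "Not Found"))


if __name__ == "__main__":
    for f in scan(fake_fetch):
        print(f"exposed: {f.path} ({f.status}) -> {f.excerpt!r}")
```

A page that mentions JavaMelody without the exact phrase, or that returns the phrase with a non-200 status (for example behind a login redirect), does not match, which is what keeps the check from reporting protected instances.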

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /monitoring
GET /..%3B/monitoring
Matching conditions
word: Monitoring JavaMelody on
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability