Jolokia Java Heap Information Disclosure

By kannthu

Informative
#jolokia #disclosure #java
Description

What is "Jolokia Java Heap Information Disclosure"?

The "Jolokia Java Heap Information Disclosure" module is designed to detect a specific misconfiguration vulnerability in the Jolokia software. Jolokia is a JMX-HTTP bridge that allows remote JMX (Java Management Extensions) clients to interact with Java applications over HTTP. This module focuses on identifying instances where the Jolokia server is misconfigured, leading to potential information disclosure.

This module has an informative severity level, meaning it provides valuable information but does not pose an immediate threat.

This module was authored by milo2012.

Impact

If the Jolokia Java Heap Information Disclosure vulnerability is present, an attacker may be able to gain unauthorized access to sensitive information stored in the Java heap. This could include sensitive data such as passwords, session tokens, or other confidential information.

How does the module work?

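The module works by sending a specific HTTP request to the target server and analyzing the response for specific conditions. In this case, the module sends a POST request to the "/jolokia/" endpoint with a JSON payload that invokes the dumpHeap operation on the com.sun.management:type=HotSpotDiagnostic MBean. It then checks the response body for the presence of the string stacktrace":"java.io.IOException: No such file or directory. The payload names a dump file under a directory that is unlikely to exist (/tmp1234/), so this error means the server accepted the request and attempted the operation rather than rejecting it. If this string is found, it indicates that the server is misconfigured and may be vulnerable to information disclosure.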

It's important to note that this module is just one test case within the Vidoc platform, which utilizes multiple modules to perform comprehensive scanning and testing.

For example, the HTTP request sent by this module looks like:

POST /jolokia/ HTTP/1.1
Host: {%Hostname%}
Content-Type: application/x-www-form-urlencoded

{
   "type":"EXEC",
   "mbean":"com.sun.management:type=HotSpotDiagnostic",
   "operation":"dumpHeap",
   "arguments":[
      "/tmp1234/test1.hprof",
      0
   ]
}

The module's matching condition checks for the presence of the specific string in the response body, indicating a misconfiguration.
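
For defenders reviewing reverse-proxy or application logs, the request and matching condition above can be turned into a triage check. The Python below is an added example, not part of the Vidoc module; the function names, result labels and sample log bodies are constructed for illustration, and it assumes request and response bodies are available as strings. It goes slightly beyond the single request shown above by also accepting a JSON array of requests, which Jolokia's bulk request form allows.

```python
import json

# Values taken from the request and matching condition shown on this page.
MBEAN = "com.sun.management:type=HotSpotDiagnostic"
OPERATION = "dumpHeap"
MATCH = 'stacktrace":"java.io.IOException: No such file or directory'

def heap_dump_calls(request_body):
    """Return the dumpHeap EXEC entries in a Jolokia POST body (object or bulk array)."""
    try:
        doc = json.loads(request_body)
    except (TypeError, ValueError):
        return []  # not JSON, so not a Jolokia POST request
    items = doc if isinstance(doc, list) else [doc]
    return [
        r for r in items
        if isinstance(r, dict)
        # Assumption: match the type case-insensitively ("exec" or "EXEC").
        and str(r.get("type", "")).lower() == "exec"
        and r.get("mbean") == MBEAN
        and r.get("operation") == OPERATION
    ]

def triage(request_body, response_body):
    """Classify one logged request/response pair.

    benign  - no dumpHeap call in the request
    exposed - dumpHeap was called and the response contains the module's match
              string, so the server attempted the operation
    review  - dumpHeap was called but the match string is absent: the call may
              have been denied, or it may have succeeded and written a dump
    """
    if not heap_dump_calls(request_body):
        return "benign"
    return "exposed" if MATCH in response_body else "review"

# Constructed sample log bodies (not captured from a real server).
PROBE = ('{"type":"EXEC","mbean":"com.sun.management:type=HotSpotDiagnostic",'
         '"operation":"dumpHeap","arguments":["/tmp1234/test1.hprof",0]}')
BULK = '[{"type":"read","mbean":"java.lang:type=Memory"},' + PROBE + ']'
ERROR_BODY = ('{"status":500,"stacktrace":"java.io.IOException: '
              'No such file or directory\\n\\tat constructed.Frame"}')
DENIED_BODY = '{"status":403,"error":"constructed denial message"}'

if __name__ == "__main__":
    for req, resp in [(PROBE, ERROR_BODY), (BULK, DENIED_BODY), ("a=b", "")]:
        print(triage(req, resp))
```

The match is a raw substring test, like the module's word matcher, so it only fires when the response JSON is serialized without whitespace around the colon. A "review" result deserves attention in its own right, because a dumpHeap call that did not error may have written a heap dump to disk.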

Module preview

Concurrent Requests (1)
1. HTTP Request template (raw request)
   Matching conditions: word: stacktrace":"java.io.IOException: No suc...
Passive global matcher: No matching conditions.
On match action: Report vulnerability