By kannthu
The "Liferay /api/jsonws - API Exposed" module is designed to detect the exposure of the Liferay API. Liferay is a software platform that provides a range of tools and features for building and managing web applications. This module focuses specifically on the /api/jsonws endpoint, which is used for accessing Liferay's JSON web services API.
This module has a low severity level, indicating that the detected vulnerability or misconfiguration may have limited impact or pose a lower risk.
This module was authored by DhiyaneshDk.
If the Liferay /api/jsonws API is exposed, it can potentially lead to security risks. Exposing APIs without proper authentication and authorization mechanisms can allow unauthorized access to sensitive data or enable malicious actors to exploit vulnerabilities in the API implementation.
The module works by sending a GET request to the /api/jsonws endpoint and applying a set of matching conditions to determine if the API is exposed.
Matching conditions:
- The response body must contain the string "<title>json-web-services-api</title>".
- The response header must include the word "text/html".
- The response status code must be 200.
If all of these conditions are met, the module considers the API to be exposed.
Example HTTP request:
GET /api/jsonws
Note: The above example is a simplified representation of the HTTP request sent by the module.
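The three matching conditions above, applied offline to raw HTTP responses, as an added example that is not the module's own code. The function names and the sample responses are assumptions constructed for illustration; the check reports which condition failed, which helps when triaging why a host did or did not match.

```python
# Added example: evaluates the module's three matching conditions offline.
# Sample responses below are constructed, not captured from a real server.

def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status, header block, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, _, header_block = head.partition(b"\r\n")
    parts = status_line.split()
    status = int(parts[1]) if len(parts) >= 2 and parts[1].isdigit() else 0
    return status, header_block.decode("latin-1"), body.decode("utf-8", "replace")

def evaluate_jsonws_exposure(raw: bytes) -> dict:
    """Return each condition's result; 'exposed' is true only if all hold."""
    status, headers, body = parse_response(raw)
    checks = {
        "body_title": "<title>json-web-services-api</title>" in body,
        "header_text_html": "text/html" in headers,  # case-sensitive word match
        "status_200": status == 200,
    }
    checks["exposed"] = all(checks.values())
    return checks

def _resp(status: str, ctype: str, body: str) -> bytes:
    """Build a constructed response for the demonstration."""
    return f"HTTP/1.1 {status}\r\nContent-Type: {ctype}\r\n\r\n{body}".encode()

API_PAGE = "<html><head><title>json-web-services-api</title></head></html>"
EXPOSED = _resp("200 OK", "text/html;charset=UTF-8", API_PAGE)
LOGIN_PAGE = _resp("200 OK", "text/html;charset=UTF-8",
                   "<html><head><title>Sign In</title></head></html>")
FORBIDDEN = _resp("403 Forbidden", "text/html", API_PAGE)

if __name__ == "__main__":
    for name, raw in [("exposed", EXPOSED), ("login page", LOGIN_PAGE),
                      ("forbidden", FORBIDDEN)]:
        print(name, evaluate_jsonws_exposure(raw))
```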