Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2018-1000129

Published: 14/03/2018 Updated: 07/03/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Jolokia

Vulnerability Summary

An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an malicious user to execute malicious javascript in the victim's browser.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

jolokia jolokia 1.3.7

Vendor Advisories

Red Hat: Important: Fuse 7.1 security update
Synopsis Important: Fuse 71 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat FuseRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed s ...
Red Hat: Important: Red Hat JBoss Fuse/A-MQ 6.3 R10 security and bug fix update
Synopsis Important: Red Hat JBoss Fuse/A-MQ 63 R10 security and bug fix update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Fuse 63 and Red Hat JBoss A-MQ 63Red Hat Product Security has rated this update as having a security impact of Important A Common ...
Red Hat: CVE-2018-1000129
An XSS vulnerability exists in the Jolokia agent version 137 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser ...

Github Repositories

https://github.com/pyn3rd/Spring-Boot-Vulnerability

Spring Boot Vulnerability (Keep On Updating) 0x01 Spring Boot Actuator Exposed Actuator endpoints allow you to monitor and interact with your Spring application Spring Boot includes a number of built-in endpoints and you can also add your own For example the health endpoint provides basic application health information The following endpoints are available: /autoconfig - D

https://github.com/missme3f/resource

bash_profile :: Automated reconnaissance wrapper - collecting juicy data & vulnerable testing # Dependencies --> go binaries :: githubcom/missme3f/bin sudomy(bash), comb(go), cf-check(go), CORS-Scanner(go), dalfox(go), dnsprobe(go), ffuf(go), gowitness(go), gron(go), gau(go), gf(go), gospider(go), httpx(go), naabu(go), nuclei(go), meg(go), subjack(go),

https://github.com/pyn3rd/Spring-Boot-Vulnerability-DB

Spring Boot Vulnerability (Keep On Updating) 0x01 Spring Boot Actuator Exposed Actuator endpoints allow you to monitor and interact with your Spring application Spring Boot includes a number of built-in endpoints and you can also add your own For example the health endpoint provides basic application health information The following endpoints are available: /autoconfig - D

References

CWE-79https://jolokia.org/#Security_fixes_with_1.5.0https://github.com/rhuss/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f#diff-f19898247eddb55de6400489bff748adhttps://access.redhat.com/errata/RHSA-2018:2669https://access.redhat.com/errata/RHSA-2018:3817https://access.redhat.com/errata/RHSA-2018:2669https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2018-1000129
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcodedarbitrary codeCVE-2024-2404CVE-2024-21111CVE-2024-28627CVE-2024-4073information disclosureCVE-2024-32780CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook