Published: 14/03/2018 Updated: 08/03/2019

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote malicious user to run arbitrary Java code on the server.

Vulnerable Product	Search on Vulmon	Subscribe to Product
jolokia webarchive agent 1.3.7

Synopsis Important: Fuse 71 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat FuseRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed s ...

A JNDI Injection vulnerability exists in Jolokia agent version 137 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server ...

Jolokia 100 JNDI Injection leading to RCE (CVE-2018-1000130) Working POC code for Jolokia RCE Steps to Reproduce: Clone the current Repository Edit the java file src/main/java/ExportObjectjava and enter the command that you wish to execute remotely Execute mvn clean install to build the jar file Execute java -jar RMIServer-010jar <server_ip>:port

CWE-74 https://jolokia.org/#Security_fixes_with_1.5.0 https://access.redhat.com/errata/RHSA-2018:2669 https://access.redhat.com/errata/RHSA-2018:2669 https://nvd.nist.gov

CVE-2018-1000130

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect