Jolokia Agent - JNDI Code Injection

Jolokia agent is vulnerable to a JNDI injection vulnerability that allows a remote attacker to run arbitrary Java code on the server when the agent is in proxy mode. id: CVE-2018-1000130 info: name: Jolokia Agent - JNDI Code Injection author: milo2012 severity: high description: | Jolokia agent i...

VulnCheck KEV: CVE-2018-1000130

A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server...

GHSA-HFPG-GQJW-779M Cross-site Scripting in Jolokia agent

An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser...

Cross-site Scripting in Jolokia agent

An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser...

Injection in Jolokia agent

A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server...

GHSA-RHQJ-4PP8-VVGF Injection in Jolokia agent

A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server...

CVE-2018-1000129

An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser...

CVE-2018-1000130

A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server...

Jolokia Agent Cross-Site Scripting Vulnerability

Jolokia is a use of JSON via Http to achieve JMX remote management of open source projects , it provides JMX batch operation , security policies , etc. Jolokia agent is one of the agent . Jolokia agent 1.3.7 version of the HTTP servlet has a cross-site scripting vulnerability . A remote attacker...

Design/Logic Flaw

A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server...

CVE-2018-1000129

An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser...

Cross site scripting

An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser...

CVE-2018-1000130

A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server...

CVE-2018-1000129

An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser...

CVE-2018-1000130

A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server...

CVE-2018-1000129

CVE-2018-1000129 affects Jolokia 1.3.7, where the HTTP servlet is vulnerable to cross-site scripting (XSS). An attacker can cause the browser to execute arbitrary JavaScript, potentially hijacking sessions or accessing sensitive data. The issue is documented across multiple sources (NVD and secur...

CVE-2018-1000129

An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser...

CVE-2018-1000130

A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server...