Merge pull request #185 from CraigDonkin/CraigDonkin-patch-1

Create CVE-2018-11759-Apache mod_jk access control bypass.bcheck
PortSwigger · Feb 29, 2024 · 2b24601 · 2b24601
2 parents a393f69 + a411cc5
commit 2b24601
Showing 1 changed file with 25 additions and 0 deletions.
diff --git a/vulnerabilities-CVEd/CVE-2018-11759-Apache mod_jk access control bypass.bcheck b/vulnerabilities-CVEd/CVE-2018-11759-Apache mod_jk access control bypass.bcheck
@@ -0,0 +1,25 @@
+metadata:
+    language: v2-beta
+    name: "CVE-2018-11759 - Apache mod_jk access control bypass"
+    description: "Checks for CVE-2018-11759 -Apache mod_jk access control bypass"
+    author: "CDonkin"
+    tags: "CVE-2018-11759", "mod_jk"
+
+run for each:
+    potential_path =
+        "/jkstatus",
+        "/jkstatus;"
+
+given host then
+    send request called check:
+        method: "GET"
+        path: {potential_path}
+
+    if "JK Status Manager" in {check.response.body} then
+        report issue:
+            severity: high
+            confidence: certain
+            detail: `jkstatus found at {potential_path}.`
+            remediation: "Apply the relevant patches"
+    end if
+