CVE-2018-1000129
Published 2018-03-14
Priority: P349 · medium · 6.1 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploit: EPSS 25.46% (97.7th percentile)
An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jolokia | jolokia | — | — |
Detection & IOCs (extracted from sources)
- Send a GET request to /jolokia/read or /api/jolokia/read with the query parameter mimeType=text/html. A vulnerable instance will return HTTP 200 with Content-Type: text/html and a body containing both 'java.lang.IllegalArgumentException' and 'No type with name', indicating the JSON error response is rendered directly in the browser.
- The attack vector is the mimeType query parameter being set to text/html, which forces the browser to render the Jolokia JSON response as HTML, enabling reflected XSS via injected SVG/script payloads in the URI path.
- Observed XSS proof-of-concept payloads use SVG onload vectors appended to the Jolokia endpoint path combined with mimeType=text/html, e.g. /<path>%3Csvg%20onload=alert(...)%3E?mimeType=text/html
- Red Hat assessed this as Low severity for several OpenStack Platform versions because, although the affected code is present, data returned by Jolokia is correctly processed by the consuming JavaScript library and invalid data is not used directly by the browser.
- The Nuclei template uses stop-at-first-match across two probe paths (/api/jolokia/read and /jolokia/read), so detection tooling should probe both paths to maximise coverage.
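The response conditions listed above, applied offline to captured probe responses, as an added example (not code from any of the sources on this page). The two probe paths and the three match conditions come from the list above; the sample HTTP responses are constructed for illustration.

```python
# Added example (not from any page source): applies the three response conditions above
# to captured probe responses offline; the sample responses at the bottom are constructed.
import re
from typing import NamedTuple
PROBE_PATHS = ("/api/jolokia/read", "/jolokia/read")  # both paths the Nuclei template probes
REQUIRED_BODY_STRINGS = ("java.lang.IllegalArgumentException", "No type with name")

class ProbeResult(NamedTuple):
    path: str
    vulnerable: bool
    reason: str

def parse_http_response(raw: str):
    """Split a raw HTTP/1.x response into (status code, lower-cased header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    m = re.match(r"HTTP/\d\.\d (\d{3})", lines[0])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return (int(m.group(1)) if m else 0), headers, body

def classify_response(path: str, raw: str) -> ProbeResult:
    """Match only when HTTP 200, Content-Type text/html, and both error strings are in the body."""
    status, headers, body = parse_http_response(raw)
    if status != 200:
        return ProbeResult(path, False, f"status {status}")
    ctype = headers.get("content-type", "")
    if not ctype.lower().startswith("text/html"):
        return ProbeResult(path, False, f"content-type {ctype or '(none)'}")
    missing = [s for s in REQUIRED_BODY_STRINGS if s not in body]
    if missing:
        return ProbeResult(path, False, "body missing " + ", ".join(missing))
    return ProbeResult(path, True, "JSON error rendered as text/html")

def classify_host(responses: dict) -> ProbeResult:
    """responses maps probe path -> raw response; stop at the first matching path."""
    for path in PROBE_PATHS:
        if path in responses:
            result = classify_response(path, responses[path])
            if result.vulnerable:
                return result
    return ProbeResult("", False, "no probe path matched")

# Constructed samples: a Jolokia-style error body served as text/html (matches) and as text/plain.
ERROR_BODY = ('{"error_type":"java.lang.IllegalArgumentException","error":'
              '"java.lang.IllegalArgumentException : No type with name \'read\' exists","status":400}')
MATCHING = "HTTP/1.1 200 OK\r\nContent-Type: text/html;charset=utf-8\r\n\r\n" + ERROR_BODY
NON_MATCHING = "HTTP/1.1 200 OK\r\nContent-Type: text/plain;charset=utf-8\r\n\r\n" + ERROR_BODY
```

A host is only flagged when all three conditions hold on one of the two paths, so a 200 with text/plain, or an HTML page lacking the Jolokia error strings, is not reported.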
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_redhat | — | 6.1 | MEDIUM | — |
Red Hat
jolokia: Cross site scripting in the HTTP servlet
vendor_redhat·2018-02-08·CVSS 6.1
CVE-2018-1000129 [MEDIUM] CWE-79 jolokia: Cross site scripting in the HTTP servlet
An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser.
Statement: Red Hat Product Security has rated this issue as having security impact of Low for:
* Red Hat OpenStack Platform 9.0 (Mitaka)
* Red Hat OpenStack Platform 10.0 (Newton)
* Red Hat OpenStack Platform 11.0 (Ocata)
* Red Hat OpenStack Platform 12.0 (Pike)
Although the affected code is present in shipped packages, data returned by Jolokia is correctly processed and invalid data is not used. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/update
OSV
Cross-site Scripting in Jolokia agent
osv·2022-05-14
CVE-2018-1000129 [MEDIUM] Cross-site Scripting in Jolokia agent
An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser.
GHSA
Cross-site Scripting in Jolokia agent
ghsa·2022-05-14
CVE-2018-1000129 [MEDIUM] CWE-79 Cross-site Scripting in Jolokia agent
An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser.
No detection rules found.
Nuclei
Jolokia 1.3.7 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2018-1000129 [MEDIUM] Jolokia 1.3.7 - Cross-Site Scripting
Jolokia 1.3.7 is vulnerable to cross-site scripting in the HTTP servlet and allows an attacker to execute malicious JavaScript in the victim's browser.
Template:

```yaml
id: CVE-2018-1000129

info:
  name: Jolokia 1.3.7 - Cross-Site Scripting
  author: mavericknerd,0h1in9e,daffainfo
  severity: medium
  description: |
    Jolokia 1.3.7 is vulnerable to cross-site scripting in the HTTP servlet and allows an attacker to execute malicious JavaScript in the victim's browser.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
  remediation: |
    Upgrade to a patched version of Jolokia or apply the necessary securit
```
HackerOne
[ CVE-2018-1000129 ] RXSS At `https://███████` via the URI
hackerone·2024-12-18·CVSS 6.1
CVE-2018-1000129 [MEDIUM] [ CVE-2018-1000129 ] RXSS At `https://███████` via the URI
Hi `DOD` Team,
## System Host(s)
████████
CVE Numbers:
* # CVE-2018-1000129
# POC:
* https://█████%3Csvg%20onload=alert%28'1337'%29%3E?mimeType=text/html
* https://██████████%3Csvg%20onload=alert%28document.domain%29%3E?mimeType=text/html
* https://████████%3Csvg%20onload=alert%28document.cookie%29%3E?mimeType=text/html
* ████
## Impact
Attackers can execute scripts in a victim’s browser to steal the user's cookies, hijack user sessions, deface websites, insert hostile content, redirect users, hijack the user’s browser using malware, etc...
Thanks.
HackerOne
Jolokia Reflected XSS
hackerone·2022-10-27·CVSS 6.1
CVE-2018-1000129 [MEDIUM] Jolokia Reflected XSS
## Summary:
(salam)
Hi team, I hope you are well. After doing some recon on ███████ I saw that the website uses Jolokia 1.3.5, which is vulnerable to reflected XSS.
## Steps To Reproduce:
1. Vuln Link : ████:
CVE-2018-1000129
Jolokia - Version
████████
## POC
█████████
## Impact
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can:
Perform any action within the application that the user can perform.
View any information that the user is able to view.
Modify any information that the user is able to modify.
Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user.
A Cross-S
Bugzilla
CVE-2018-1000129 jolokia: Cross site scripting in the HTTP servlet
bugzilla·2018-03-22·CVSS 6.1
CVE-2018-1000129 [MEDIUM] CVE-2018-1000129 jolokia: Cross site scripting in the HTTP servlet
An XSS attack can be performed by manipulating the mimeType query parameter to coerce the Web browser to display the JSON response directly. However, the Jolokia responses are not shown directly in the browser but used by a JavaScript library, which has to perform its own escaping of user provided response data.
External References:
https://jolokia.org/#Security_fixes_with_1.5.0
References:
https://snyk.io/vuln/SNYK-JAVA-ORGJOLOKIA-32136
Discussion:
Statement:
Red Hat Product Security has rated this issue as having security impact of Low for:
* Red Hat OpenStack Platform 9.0 (Mitaka)
* Red Hat OpenStack Platform 10.0 (Newton)
* Red Hat OpenStack Platform 11.0 (Ocata)
* Red Hat OpenStack Platform 12.0 (Pike)
Althoug
Greynoiseio
NoiseLetter March 2025
blogs_greynoiseio
References:
- https://access.redhat.com/errata/RHSA-2018:2669
- https://access.redhat.com/errata/RHSA-2018:3817
- https://github.com/rhuss/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f#diff-f19898247eddb55de6400489bff748ad
- https://jolokia.org/#Security_fixes_with_1.5.0

Published 2018-03-14