CVE-2018-1000129

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-1000129
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1000129.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-1000129
Aliases
Published
2018-03-14T13:29:00Z
Modified
2025-10-28T23:56:50.779475Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

An XSS vulnerability exists in the HTTP servlet of the Jolokia agent version 1.3.7 that allows an attacker to execute malicious JavaScript in the victim's browser.

References

Affected packages

Git / github.com/jolokia/jolokia

Affected ranges

Type
GIT
Repo
https://github.com/jolokia/jolokia
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v0.*

v0.80
v0.81
v0.82
v0.83
v0.90
v0.91
v0.95

v1.*

v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.1.4
v1.1.5
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.3.7
v1.4.0

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/jolokia/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f",
        "digest": {
            "length": 1405.0,
            "function_hash": "9101056780195105689920133383899428046"
        },
        "id": "CVE-2018-1000129-0048e600",
        "signature_version": "v1",
        "target": {
            "function": "getDiscoveryRequestSetup",
            "file": "agent/core/src/test/java/org/jolokia/http/AgentServletTest.java"
        }
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "source": "https://github.com/jolokia/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f",
        "id": "CVE-2018-1000129-0a363c3f",
        "signature_version": "v1",
        "target": {
            "file": "agent/core/src/main/java/org/jolokia/http/AgentServlet.java"
        }
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/jolokia/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f",
        "digest": {
            "length": 627.0,
            "function_hash": "318693816369166035080453627462080144436"
        },
        "id": "CVE-2018-1000129-3950972f",
        "signature_version": "v1",
        "target": {
            "function": "handle",
            "file": "agent/core/src/main/java/org/jolokia/http/AgentServlet.java"
        }
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "source": "https://github.com/jolokia/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f",
        "id": "CVE-2018-1000129-3f2ff1d6",
        "signature_version": "v1",
        "target": {
            "file": "agent/core/src/test/java/org/jolokia/http/AgentServletTest.java"
        }
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/jolokia/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f",
        "digest": {
            "length": 517.0,
            "function_hash": "176515373183824167771589970109166652662"
        },
        "id": "CVE-2018-1000129-4ec2b082",
        "signature_version": "v1",
        "target": {
            "function": "sendStreamingResponse",
            "file": "agent/jvm/src/main/java/org/jolokia/jvmagent/handler/JolokiaHttpHandler.java"
        }
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "source": "https://github.com/jolokia/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f",
        "id": "CVE-2018-1000129-543ae629",
        "signature_version": "v1",
        "target": {
            "file": "agent/jvm/src/main/java/org/jolokia/jvmagent/handler/JolokiaHttpHandler.java"
        }
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/jolokia/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f",
        "digest": {
            "length": 166.0,
            "function_hash": "155931549294997905269935090254874906723"
        },
        "id": "CVE-2018-1000129-60d9e064",
        "signature_version": "v1",
        "target": {
            "function": "getMimeType",
            "file": "agent/core/src/main/java/org/jolokia/http/AgentServlet.java"
        }
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/jolokia/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f",
        "digest": {
            "length": 466.0,
            "function_hash": "257338182400736283720558969940301469589"
        },
        "id": "CVE-2018-1000129-6a2d745d",
        "signature_version": "v1",
        "target": {
            "function": "sendResponse",
            "file": "agent/core/src/main/java/org/jolokia/http/AgentServlet.java"
        }
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "source": "https://github.com/jolokia/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f",
        "id": "CVE-2018-1000129-6efc654e",
        "signature_version": "v1",
        "target": {
            "file": "agent/jvm/src/test/java/org/jolokia/jvmagent/handler/JolokiaHttpHandlerTest.java"
        }
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/jolokia/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f",
        "digest": {
            "length": 648.0,
            "function_hash": "329720143229288237642001777985324975099"
        },
        "id": "CVE-2018-1000129-8693cdff",
        "signature_version": "v1",
        "target": {
            "function": "initRequestResponseMocks",
            "file": "agent/core/src/test/java/org/jolokia/http/AgentServletTest.java"
        }
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/jolokia/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f",
        "digest": {
            "length": 641.0,
            "function_hash": "10674157705063168995233629529946089205"
        },
        "id": "CVE-2018-1000129-8d5f2505",
        "signature_version": "v1",
        "target": {
            "function": "withCallback",
            "file": "agent/core/src/test/java/org/jolokia/http/AgentServletTest.java"
        }
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/jolokia/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f",
        "digest": {
            "length": 693.0,
            "function_hash": "210268741973837036099668555107674427325"
        },
        "id": "CVE-2018-1000129-93f95e6c",
        "signature_version": "v1",
        "target": {
            "function": "sendAllJSON",
            "file": "agent/jvm/src/main/java/org/jolokia/jvmagent/handler/JolokiaHttpHandler.java"
        }
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/jolokia/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f",
        "digest": {
            "length": 1263.0,
            "function_hash": "84765245254986071811334277203355841670"
        },
        "id": "CVE-2018-1000129-bce441b2",
        "signature_version": "v1",
        "target": {
            "function": "run",
            "file": "agent/core/src/test/java/org/jolokia/http/AgentServletTest.java"
        }
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/jolokia/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f",
        "digest": {
            "length": 913.0,
            "function_hash": "336846672887242153409891097757785601106"
        },
        "id": "CVE-2018-1000129-ccbf408b",
        "signature_version": "v1",
        "target": {
            "function": "doHandle",
            "file": "agent/jvm/src/main/java/org/jolokia/jvmagent/handler/JolokiaHttpHandler.java"
        }
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/jolokia/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f",
        "digest": {
            "length": 379.0,
            "function_hash": "290356750051607027705265754031790392056"
        },
        "id": "CVE-2018-1000129-cfd75b21",
        "signature_version": "v1",
        "target": {
            "function": "getMimeType",
            "file": "agent/jvm/src/main/java/org/jolokia/jvmagent/handler/JolokiaHttpHandler.java"
        }
    }
]

Git / github.com/rhuss/jolokia

Affected ranges

Type
GIT
Repo
https://github.com/rhuss/jolokia
Events
Introduced
0 Unknown introduced commit / All previous commits are affected