CVE-2018-1000129

MEDIUM NUCLEI

Jolokia 1.3.7-1.4.x - Cross-Site Scripting via HTTP Servlet

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-1000129. PoCs published by shoucheng3. A Nuclei detection template is also available.

AI-analyzed exploit summary: This repository contains a proof-of-concept exploit for CVE-2018-1000129, which targets a vulnerability in Jolokia. The exploit appears to be a legitimate PoC, with code demonstrating the vulnerability in the Jolokia JVM agent.

Description

An XSS vulnerability exists in the HTTP servlet of the Jolokia agent version 1.3.7 that allows an attacker to execute malicious JavaScript in the victim's browser.

Exploits (1)

nomisec WORKING POC
by shoucheng3 · poc
https://github.com/shoucheng3/rhuss__jolokia_CVE-2018-1000129_1-4-0

Classification
Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Jolokia JVM Agent
No auth needed
Prerequisites: Access to a vulnerable Jolokia JVM Agent instance
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Jolokia 1.3.7 - Cross-Site Scripting
MEDIUM · by mavericknerd, 0h1in9e, daffainfo

References (4)

Core References
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3817
Vendor Advisory x_refsource_confirm
https://jolokia.org/#Security_fixes_with_1.5.0
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2669

Scores

CVSS v3 6.1
EPSS 0.7678
EPSS Percentile 99.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE CWE-79
Status published
Products (2)
jolokia/jolokia 1.3.7
org.jolokia/jolokia-core 1.3.7 - 1.5.0 (Maven)
Published Mar 14, 2018
Tracked Since Feb 18, 2026