Detect Springboot Heapdump Actuator

What is the "Detect Springboot Heapdump Actuator" module?

The "Detect Springboot Heapdump Actuator" module is designed to identify the presence of a heap dump actuator in a Spring Boot application. Heap dump actuators are endpoints in the application that can be used to retrieve a heap dump of the Java Virtual Machine (JVM) memory. This module specifically targets Spring Boot applications and aims to detect any misconfigurations or vulnerabilities related to the heap dump actuator.

This module is classified as critical, indicating that any misconfiguration or vulnerability related to the heap dump actuator can have a significant impact on the security and performance of the Spring Boot application.

Impact

If the "Detect Springboot Heapdump Actuator" module detects the presence of a heap dump actuator, it indicates that the application may be exposing sensitive information about the JVM memory. This can potentially lead to unauthorized access or information leakage, posing a security risk to the application and its users.

How the module works?

The "Detect Springboot Heapdump Actuator" module works by sending HTTP requests to various endpoints commonly used for accessing the heap dump actuator in Spring Boot applications. It checks for specific conditions to determine if the actuator is present and if any misconfigurations or vulnerabilities exist.

Here is an example of an HTTP request template used by the module:

GET /heapdump

The module uses matching conditions to identify the presence of the heap dump actuator. It checks the response body for specific keywords such as "JAVA PROFILE" or "HPROF" to detect if the actuator is exposing heap dump information. Additionally, it checks the HTTP response status code, looking for a 200 or 206 status, which indicates a successful response.

By analyzing the responses and matching conditions, the module can accurately determine if the heap dump actuator is present and if any misconfigurations or vulnerabilities exist.