Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Detect Spring Gateway Actuator" module detects an exposed Spring Cloud Gateway actuator endpoint. Spring Cloud Gateway registers a "gateway" actuator endpoint which, when enabled and exposed over HTTP without authentication, returns the gateway's routing configuration (route IDs, predicates, filters and the upstream URIs they forward to) to anyone who can reach it. The module has a medium severity level and was authored by wdahlenb.
An exposed route listing is reconnaissance material on its own: it reveals internal hostnames and ports, which paths are proxied and how filters rewrite them. The same endpoint family is also writable by design (POST to add a route, POST /actuator/gateway/refresh to apply it), which is why an unauthenticated gateway actuator was the entry point for CVE-2022-22947, a code injection through a crafted route definition. The module performs only the read-only check; whether the write operations are reachable is a follow-up for the tester, not something this match proves. The fix is to not expose the endpoint: keep "gateway" out of management.endpoints.web.exposure.include (only "health" is exposed by default) or set management.endpoint.gateway.enabled=false, and put any management port that must stay reachable behind authentication.
The module sends an HTTP GET to two paths on the target: "/actuator/gateway/routes", the default location under Spring Boot 2's /actuator management base path, and "/gateway/routes", which covers deployments that moved the management base path to the root. It then applies matching conditions to each response to decide whether the endpoint is exposed.
Example HTTP requests (both paths are tried):
GET /gateway/routes
GET /actuator/gateway/routes
The module uses the following matching conditions:
- The response body must contain both words "predicate" and "route_id", the field names Spring Cloud Gateway emits for every route in the listing.
- The response headers must contain "application/json", i.e. the Content-Type must be JSON. (This is a check on the response, not the request.)
- The response status code must be 200.
All three conditions must hold for the module to report the Spring Cloud Gateway actuator as exposed. Because the header check looks for "application/json", the probe should send Accept: application/json; a Spring Boot actuator answering a request without that header uses its vendor media type application/vnd.spring-boot.actuator.v3+json, which the matcher would not accept even though the endpoint is exposed.
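The detection logic described above, re-implemented as an added example in Python. This is not Vidoc's own code; the host name gw.example, the fake_fetch stub and the sample route listing are constructed so the check can be run offline, and http_fetch is included only for use against a target you are authorized to test.

```python
import json
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# The two paths the module probes and the two words it expects in a route listing.
PATHS = ("/gateway/routes", "/actuator/gateway/routes")
REQUIRED_WORDS = ("predicate", "route_id")


@dataclass
class Response:
    status: int
    headers: Dict[str, str]
    body: str


def matches(resp: Response) -> bool:
    """The module's three matchers; all must hold for a positive result."""
    if resp.status != 200:
        return False
    # Header matcher: look at the response Content-Type, case-insensitively.
    content_type = next(
        (v for k, v in resp.headers.items() if k.lower() == "content-type"), ""
    )
    if "application/json" not in content_type.lower():
        return False
    # Body matcher: both field names that Spring Cloud Gateway emits per route.
    return all(word in resp.body for word in REQUIRED_WORDS)


def scan(base_url: str, fetch: Callable[[str], Optional[Response]]) -> Optional[str]:
    """Probe each path in turn; return the first URL whose response matches, else None."""
    for path in PATHS:
        url = base_url.rstrip("/") + path
        resp = fetch(url)
        if resp is not None and matches(resp):
            return url
    return None


def http_fetch(url: str, timeout: float = 5.0) -> Optional[Response]:
    """Live fetcher for a real target (not exercised offline).

    Accept: application/json is set deliberately: without it Spring Boot's actuator
    answers with its vendor media type (application/vnd.spring-boot.actuator.v3+json),
    which would fail the header matcher even though the endpoint is exposed.
    """
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as r:
            return Response(r.status, dict(r.headers), r.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as e:
        return Response(e.code, dict(e.headers), e.read().decode("utf-8", "replace"))
    except (urllib.error.URLError, OSError):
        return None


# Constructed sample body in the shape Spring Cloud Gateway returns for
# /actuator/gateway/routes: one object per route. The hostnames are made up.
SAMPLE_ROUTES = json.dumps([
    {
        "predicate": "Paths: [/api/**], match trailing slash: true",
        "route_id": "api_route",
        "filters": ["[[RewritePath /api/(?<segment>.*) = '/${segment}'], order = 1]"],
        "uri": "http://orders-svc.internal:8080",
        "order": 0,
    }
])


def fake_fetch(url: str) -> Optional[Response]:
    """Offline stand-in for http_fetch: this imaginary host exposes only the /actuator path."""
    if url.endswith("/actuator/gateway/routes"):
        # What the server sends back when the client asked for application/json.
        return Response(200, {"Content-Type": "application/json"}, SAMPLE_ROUTES)
    return Response(404, {"Content-Type": "text/html"}, "<html>Not Found</html>")


if __name__ == "__main__":
    hit = scan("http://gw.example", fake_fetch)
    print("exposed at", hit if hit else "nothing found")
```

Swap fake_fetch for http_fetch to run it against a live host. The negative branches matter as much as the positive one: a 200 with the vendor media type, a 401 from a protected management port, or a JSON body that mentions "predicate" without "route_id" must all come back as no match, otherwise the check reports exposure it has not actually observed.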
For more information, you can refer to the reference article.