By kannthu
The "Detect Springboot Beans Actuator" module is designed to detect the presence of Spring beans in a Spring Boot application. It specifically targets applications running on the Spring Boot framework and allows for the detection of potential misconfigurations or vulnerabilities. The severity of this module is classified as low.
This module helps identify any misconfigurations or vulnerabilities related to Spring beans in a Spring Boot application. By detecting these issues, it enables developers to address them and enhance the security and performance of their applications.
The "Detect Springboot Beans Actuator" module works by sending HTTP requests to specific endpoints ("/beans" and "/actuator/beans") in the target application. It then applies matching conditions to determine if the response indicates the presence of Spring beans.
The matching conditions for this module are as follows:
- The response body must contain the words "type", "beans", "dependencies", and "scope".
- The HTTP response status must be 200 (OK).
- The response headers must include one of the following: "application/json", "application/vnd.spring-boot.actuator", or "application/vnd.spring-boot.actuator.v1+json".

If all of these conditions are met, the module will report a potential misconfiguration or vulnerability related to Spring beans in the target application.
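The three matching conditions above, written out as an added Python sketch (not the module's own code) so the logic can be checked offline against responses from your own applications. The function name, the lower-cased substring comparison of headers, and the sample responses are assumptions made for this example.

```python
import json

# Values taken from the matching conditions listed above.
BODY_WORDS = ("type", "beans", "dependencies", "scope")
CONTENT_TYPES = (
    "application/json",
    "application/vnd.spring-boot.actuator",
    "application/vnd.spring-boot.actuator.v1+json",
)

def matches_beans_actuator(status, headers, body):
    """True only when the status, body and header conditions all hold."""
    # Assumption: headers are compared lower-cased, as substrings.
    header_text = "\n".join(f"{k}: {v}" for k, v in headers.items()).lower()
    return (
        status == 200
        and all(word in body for word in BODY_WORDS)
        and any(ct in header_text for ct in CONTENT_TYPES)
    )

# Constructed sample responses (not captured from a real application).
BEANS_JSON = json.dumps({"contexts": {"application": {"beans": {
    "dataSource": {"aliases": [], "scope": "singleton",
                   "type": "com.example.DemoDataSource", "dependencies": []},
}}}})
SAMPLES = {
    "exposed": (200, {"Content-Type": "application/vnd.spring-boot.actuator.v3+json"}, BEANS_JSON),
    "auth_required": (401, {"Content-Type": "application/json"}, '{"error": "Unauthorized"}'),
    "html_page": (200, {"Content-Type": "text/html"}, "<p>type beans dependencies scope</p>"),
    "other_json": (200, {"Content-Type": "application/json"}, '{"type": "about:blank"}'),
}

def evaluate_samples():
    """Run the matcher over every constructed sample."""
    return {name: matches_beans_actuator(*resp) for name, resp in SAMPLES.items()}

if __name__ == "__main__":
    for name, hit in evaluate_samples().items():
        print(f"{name}: {'match' if hit else 'no match'}")
```

Only the "exposed" sample satisfies all three conditions; its versioned media type matches through the unversioned "application/vnd.spring-boot.actuator" substring, while the HTML page fails on the header condition even though its body contains all four words.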