By kannthu
The "Detect Springboot Conditions Actuator" module is designed to detect potential misconfigurations in Spring Boot applications. It specifically targets the Spring Boot Actuator's "/conditions" and "/actuator/conditions" endpoints. This module has a low severity level and was authored by DhiyaneshDK.
This module helps identify misconfigurations in Spring Boot applications, which can potentially expose sensitive information or lead to security vulnerabilities. By detecting these conditions, developers can take appropriate measures to secure their applications and prevent potential attacks.
The "Detect Springboot Conditions Actuator" module works by sending HTTP requests to the "/conditions" and "/actuator/conditions" endpoints of a Spring Boot application. It then applies matching conditions to determine if any misconfigurations are present.
Here is an example of an HTTP request sent by the module:
GET /conditions HTTP/1.1
Host: example.com
The module uses the following matching conditions:
- The response body must contain the words "\"positiveMatches\":{" and "\"unconditionalClasses\":[".
- The request must have one of the following headers: "application/json", "application/vnd.spring-boot.actuator", or "application/vnd.spring-boot.actuator.v1+json".
- The response status code must be 200.

If all of these conditions are met, the module will report a potential misconfiguration in the Spring Boot application.
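
The three matching conditions above can be reproduced offline against responses recorded from your own application. This is an added example, not the module's code; the function names, the sample responses, and the reading of the header condition as a case-sensitive substring check on the response headers are assumptions.

```python
# Added example: the three matching conditions from the page as a local check.
BODY_WORDS = ('"positiveMatches":{', '"unconditionalClasses":[')
HEADER_WORDS = (
    "application/json",
    "application/vnd.spring-boot.actuator",
    "application/vnd.spring-boot.actuator.v1+json",
)


def conditions_exposed(status, headers, body):
    """Return True only when all three conditions hold for one response."""
    # Assumption: header words are searched in the response headers, flattened
    # to "Name: value" lines, using case-sensitive substring comparison.
    header_blob = "\n".join(f"{name}: {value}" for name, value in headers.items())
    body_ok = all(word in body for word in BODY_WORDS)  # both words required
    header_ok = any(word in header_blob for word in HEADER_WORDS)  # any one word
    return status == 200 and body_ok and header_ok


def triage(samples):
    """Evaluate every labelled (status, headers, body) sample."""
    return {label: conditions_exposed(*resp) for label, resp in samples.items()}


COMPACT = '{"contexts":{"application":{"positiveMatches":{},"negativeMatches":{},"unconditionalClasses":[]}}}'
PRETTY = '{\n  "positiveMatches" : { },\n  "unconditionalClasses" : [ ]\n}'

# Constructed responses for illustration; none of these is a real capture.
SAMPLES = {
    "exposed_v3": (200, {"Content-Type": "application/vnd.spring-boot.actuator.v3+json"}, COMPACT),
    "login_page": (200, {"Content-Type": "text/html"}, "<html>Please sign in</html>"),
    "auth_required": (401, {"Content-Type": "application/json"}, '{"error":"Unauthorized"}'),
    "pretty_printed": (200, {"Content-Type": "application/json"}, PRETTY),
}

if __name__ == "__main__":
    for label, hit in triage(SAMPLES).items():
        print(f"{label:15} {'REPORT' if hit else 'no match'}")
```

The `pretty_printed` sample shows that a literal word match misses the same data when the JSON is indented, so a negative result is not proof that the endpoint is closed.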