Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Detect Springboot Dump Actuator" module detects a misconfiguration in Spring Boot applications: the exposure of sensitive information through the "/dump" and "/actuator/dump" endpoints. The module has a severity level of low.
If the misconfiguration is present and the sensitive information is exposed, it can potentially lead to unauthorized access and compromise of the application's data.
The "Detect Springboot Dump Actuator" module works by sending HTTP requests to the "/dump" and "/actuator/dump" endpoints of the targeted Spring Boot application. It then applies matching conditions to determine if the sensitive information is being exposed.
One example of a matching condition is checking the response body for specific keywords such as "threadName", "threadId", "waitedTime", "lockName", "stackTrace", and "methodName". Additionally, it verifies that the HTTP response status is 200.
If both matching conditions are met, the module reports a vulnerability, indicating that the sensitive information is being exposed through the actuator endpoints.
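The two matching conditions described above, written out in Python as an added example (this is not Vidoc's module code). The function names, the `check_responses` helper and the sample response bodies are constructed here for illustration; nothing is fetched from a network, so the check runs offline against the sample data.

```python
import json

# Keywords the module looks for in the response body and the two paths it requests.
DUMP_KEYWORDS = ("threadName", "threadId", "waitedTime", "lockName", "stackTrace", "methodName")
DUMP_PATHS = ("/dump", "/actuator/dump")


def matches_dump_actuator(status, body):
    """Both conditions must hold: HTTP 200 and every dump keyword present in the body.

    Requiring all keywords keeps a catch-all page that answers 200 to any path
    (a login form, a SPA shell) from being reported as an exposed thread dump.
    """
    return status == 200 and all(keyword in body for keyword in DUMP_KEYWORDS)


def check_responses(responses):
    """responses maps a requested path to (status, body); return the paths that match."""
    return [path for path, (status, body) in responses.items()
            if path in DUMP_PATHS and matches_dump_actuator(status, body)]


# Constructed sample bodies (not captured from any real host).
# An exposed thread dump carries per-thread fields and a stack trace with method names.
EXPOSED_BODY = json.dumps([{
    "threadName": "http-nio-8080-exec-1",
    "threadId": 27,
    "blockedTime": -1,
    "waitedTime": -1,
    "lockName": None,
    "stackTrace": [{"methodName": "park", "className": "sun.misc.Unsafe"}],
}])
# A generic page that returns 200 for every path but contains none of the keywords.
CATCHALL_BODY = "<html><body><form action='/login'>Sign in</form></body></html>"

SAMPLE_RESPONSES = {
    "/dump": (200, EXPOSED_BODY),                      # exposed: reported
    "/actuator/dump": (404, '{"status":404,"error":"Not Found"}'),  # not reported
}

if __name__ == "__main__":
    print("exposed paths:", check_responses(SAMPLE_RESPONSES))
```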