By kannthu
The "Detect Springboot Loggers" module is designed to detect potential misconfigurations in Spring Boot applications. It specifically targets the exposure of loggers and their levels. This module has a low severity level and was authored by that_juan_, dwisiswant0, and wdahlenb.
If the module detects a misconfiguration, the application may be exposing sensitive logging information, which may lead to security vulnerabilities or unauthorized access to application logs.
The "Detect Springboot Loggers" module works by sending HTTP requests to specific endpoints ("/loggers" and "/actuator/loggers") in the target Spring Boot application. It then applies matching conditions to determine if the application is misconfigured.
Matching conditions:
- The response body must contain the words "loggers" and "levels".
- The headers must contain one of the following values: "application/json", "application/vnd.spring-boot.actuator", or "application/vnd.spring-boot.actuator.v1+json".
- The response status code must be 200.

By analyzing the response against these matching conditions, the module can identify potential misconfigurations related to Spring Boot loggers.
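The three matching conditions above, applied to already-captured responses when auditing your own application. This is an added example, not the module's own code; the function names and sample responses are constructed, and it assumes the header condition is a case-insensitive substring match on the response headers.

```python
# Added example: evaluates the three matching conditions against captured
# HTTP responses (status, headers, body). All sample data is constructed.

ENDPOINTS = ("/loggers", "/actuator/loggers")
BODY_WORDS = ("loggers", "levels")
HEADER_VALUES = (
    "application/json",
    "application/vnd.spring-boot.actuator",
    "application/vnd.spring-boot.actuator.v1+json",
)


def loggers_exposed(status, headers, body):
    """Return True only when all three matching conditions hold."""
    # Assumption: header values are matched as substrings of the response
    # headers, so a versioned actuator media type also satisfies the check.
    header_blob = "\n".join(f"{k}: {v}" for k, v in headers.items()).lower()
    body_ok = all(word in body for word in BODY_WORDS)
    header_ok = any(value in header_blob for value in HEADER_VALUES)
    return status == 200 and header_ok and body_ok


def audit(responses):
    """Map each probed endpoint to the verdict for its captured response."""
    return {
        path: loggers_exposed(*resp)
        for path, resp in responses.items()
        if path in ENDPOINTS
    }


# Constructed sample: what an exposed loggers endpoint typically returns.
LOGGERS_JSON = (
    '{"levels":["OFF","ERROR","WARN","INFO","DEBUG","TRACE"],'
    '"loggers":{"ROOT":{"configuredLevel":"INFO","effectiveLevel":"INFO"}}}'
)
ACTUATOR_TYPE = {"Content-Type": "application/vnd.spring-boot.actuator.v3+json"}

SAMPLE_RESPONSES = {
    "/loggers": (404, {"Content-Type": "application/json"}, '{"error":"Not Found"}'),
    "/actuator/loggers": (200, ACTUATOR_TYPE, LOGGERS_JSON),
}

if __name__ == "__main__":
    for path, exposed in audit(SAMPLE_RESPONSES).items():
        print(f"{path}: {'EXPOSED' if exposed else 'not exposed'}")
```

An HTML documentation page that mentions both words, or an endpoint that answers 401, fails the header or status condition and is not reported.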