Detect Springboot Thread Dump page

By kannthu

Low
Vidoc Module
#springboot
Description

What is the "Detect Springboot Thread Dump page" module?

The "Detect Springboot Thread Dump page" module is designed to detect the presence of a thread dump endpoint in a Spring Boot application. It targets Spring Boot applications and aims to identify potential misconfigurations or vulnerabilities related to the thread dump functionality. This module has a low severity level and was authored by philippedelteil.

Impact

The thread dump endpoint provides a snapshot of the application's JVM threads. If this endpoint is misconfigured or accessible to unauthorized users, it could potentially expose sensitive information about the application's internal state, including thread names and other details. This information could be leveraged by attackers to gain insights into the application's behavior or exploit any vulnerabilities present.

How does the module work?

The module sends HTTP requests to the following paths: /threaddump and /actuator/threaddump. It then applies several matching conditions to determine whether the thread dump endpoint is present and returns a thread dump:

- The response body must contain the words "threads": and "threadName":.
- The response headers must include one of the following content types: application/json, application/vnd.spring-boot.actuator, application/vnd.spring-boot.actuator.v2+json, or application/vnd.spring-boot.actuator.v1+json.
- The HTTP status code must be 200.

If all of these conditions are met, the module will report a potential vulnerability or misconfiguration related to the Spring Boot thread dump page.
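
The three matching conditions above, written out as an offline check that a team can run against responses from its own applications. This is an added example, not Vidoc's module code: the function names and sample responses are constructed, and it assumes word matching is a case-sensitive substring test.

```python
# Added example: the module's three matching conditions as an offline check.
BODY_WORDS = ('"threads":', '"threadName":')          # both required (AND)
CONTENT_TYPES = (                                      # any one suffices (OR)
    "application/json",
    "application/vnd.spring-boot.actuator",
    "application/vnd.spring-boot.actuator.v2+json",
    "application/vnd.spring-boot.actuator.v1+json",
)


def is_thread_dump(status, headers, body):
    """Return True when a response meets all three conditions from the page.

    Assumption: word matching is a case-sensitive substring test.
    """
    if status != 200:
        return False
    content_type = next(
        (v for k, v in headers.items() if k.lower() == "content-type"), "")
    if not any(ct in content_type for ct in CONTENT_TYPES):
        return False
    return all(word in body for word in BODY_WORDS)


# Constructed sample responses (not captured from any real system).
DUMP = '{"threads":[{"threadName":"main","threadId":1,"threadState":"RUNNABLE"}]}'
SAMPLES = {
    "exposed": (200, {"Content-Type": "application/vnd.spring-boot.actuator.v2+json"}, DUMP),
    "auth required": (401, {"Content-Type": "application/json"}, '{"error":"Unauthorized"}'),
    "html error page": (200, {"Content-Type": "text/html"}, "<html>" + DUMP + "</html>"),
    "other json": (200, {"Content-Type": "application/json"}, '{"status":"UP"}'),
    "pretty-printed": (200, {"Content-Type": "application/json"},
                       '{\n  "threads" : [ {\n    "threadName" : "main"\n  } ]\n}'),
}


def classify(samples=SAMPLES):
    """Map each sample name to the matcher's verdict."""
    return {name: is_thread_dump(*resp) for name, resp in samples.items()}


if __name__ == "__main__":
    for name, hit in classify().items():
        print(f"{name:16} -> {'MATCH' if hit else 'no match'}")
```

Only the first sample matches. The pretty-printed sample is a real dump that the literal word match misses because of the space before the colon, so a non-match from these conditions does not by itself show that the endpoint is closed.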

For more information, refer to the Spring Boot documentation.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /threaddump, /actuator/threaddump
Matching conditions
word: "threads":, "threadName":
and
word: application/json, application/vnd.spring...
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability