
Detects Springboot Jolokia Actuator

By kannthu

Low
Vidoc Module
#misconfig #springboot #exposure
Description

What is "Detects Springboot Jolokia Actuator"?

The "Detects Springboot Jolokia Actuator" module identifies Spring Boot applications that expose the Jolokia actuator endpoint. Jolokia is a JMX-over-HTTP bridge: when it is wired in as a Spring Boot actuator endpoint, it serves JSON responses that let an HTTP client read and write MBean attributes and invoke MBean operations. This module focuses on detecting the presence of the Jolokia endpoint and its potential exposure to unauthenticated access.

This module has a low severity level: the finding is an exposed management endpoint rather than a demonstrated compromise, but it should still be addressed, because how much an attacker can learn or change through it depends on which MBeans the application registers.

This module was authored by DhiyaneshDK.

Impact

If the Jolokia endpoint is exposed without authentication, anyone who can reach it gets HTTP access to the application's JMX MBeans. Depending on which MBeans are registered, that can mean reading runtime information (memory, threads, loaded classes, configuration properties) or invoking operations that change application behaviour, and it gives an attacker a starting point for further attacks on the system.

How does the module work?

The "Detects Springboot Jolokia Actuator" module works by sending HTTP requests to the paths at which Spring Boot serves the Jolokia endpoint. It then applies a set of matching conditions to the response to decide whether the endpoint is reachable and exposed.

Specifically, the module sends a GET request to "/jolokia" and to "/actuator/jolokia". A Jolokia agent answers a request on its root path with a JSON version document, so the module checks the response body for the strings "config":{ and "agentId":", which appear in that document (the agent ID is nested under the "config" object); both strings must be present.

In addition, the module checks the response headers for one of the media types "application/json", "application/vnd.spring-boot.actuator", "application/vnd.spring-boot.actuator.v1+json" or "text/plain". If any of these values is found, the response looks like one produced by an actuator endpoint.

The module also verifies the HTTP response status code, requiring 200, so that redirects to a login page or 401/403 responses from a protected endpoint do not count as matches.

Only when all of these matching conditions hold for the same response does the module report the Spring Boot application's Jolokia actuator as exposed.
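The detection logic described above, written out as an added example in Python; this is not Vidoc's or the template author's code. It takes a fetch callable returning (status, headers, body) so the matchers can be exercised offline, and the Jolokia version response used in the demo is constructed for the example rather than captured from a real host.

```python
"""Re-implementation of the Jolokia actuator check (added example).

Assumed interface: fetch(url) -> (status, headers, body). The sample
response below is constructed to look like a Jolokia version document.
"""
from typing import Callable, Dict, List, Tuple

PATHS = ["/jolokia", "/actuator/jolokia"]
BODY_WORDS = ['"config":{', '"agentId":"']   # both must appear in the body
HEADER_WORDS = [                              # any one of these suffices
    "application/json",
    "application/vnd.spring-boot.actuator",
    "application/vnd.spring-boot.actuator.v1+json",
    "text/plain",
]

Response = Tuple[int, Dict[str, str], str]


def matches(status: int, headers: Dict[str, str], body: str) -> bool:
    """Apply the three matchers AND-ed together: status, body words, header words."""
    if status != 200:
        return False
    if not all(word in body for word in BODY_WORDS):
        return False
    # Match against the raw header block, case-insensitively, so a value such as
    # "Application/JSON;charset=UTF-8" is still recognised.
    header_blob = "\n".join(f"{k}: {v}" for k, v in headers.items()).lower()
    return any(word.lower() in header_blob for word in HEADER_WORDS)


def scan(base_url: str, fetch: Callable[[str], Response]) -> List[str]:
    """Return every candidate URL under base_url whose response matches."""
    hits: List[str] = []
    for path in PATHS:
        url = base_url.rstrip("/") + path
        try:
            status, headers, body = fetch(url)
        except Exception:        # connection error, timeout, HTTPError: no match
            continue
        if matches(status, headers, body):
            hits.append(url)
    return hits


def http_fetch(url: str, timeout: float = 5.0) -> Response:
    """Real fetcher on top of the standard library, for use against a live target."""
    import urllib.request
    req = urllib.request.Request(url, headers={"User-Agent": "jolokia-check"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status, dict(resp.headers.items()), resp.read().decode("utf-8", "replace")


# Constructed sample: the shape of a Jolokia version document as served by a
# Spring Boot actuator (values are made up for the example).
SAMPLE_EXPOSED: Response = (
    200,
    {"Content-Type": "application/vnd.spring-boot.actuator.v1+json;charset=UTF-8"},
    '{"request":{"type":"version"},"value":{"agent":"1.6.2","protocol":"7.2",'
    '"config":{"agentId":"192.168.1.10-1234-abcdef01-servlet","agentType":"servlet"},'
    '"info":{}},"timestamp":1700000000,"status":200}',
)

# Constructed negatives: a protected endpoint and a page that only mentions Jolokia.
SAMPLE_PROTECTED: Response = (401, {"Content-Type": "application/json"}, SAMPLE_EXPOSED[2])
SAMPLE_HTML: Response = (200, {"Content-Type": "text/html"}, "<p>Jolokia agentId config</p>")


def fake_fetch(url: str) -> Response:
    """Offline stand-in for http_fetch: only the /actuator path is exposed."""
    if url.endswith("/actuator/jolokia"):
        return SAMPLE_EXPOSED
    return (404, {"Content-Type": "text/html"}, "<html>Not Found</html>")


def demo() -> List[str]:
    """Run the scan against the constructed responses."""
    return scan("https://target.example", fake_fetch)


if __name__ == "__main__":
    for hit in demo():
        print("exposed Jolokia endpoint:", hit)
```

To use it against a real host, call `scan("https://host", http_fetch)`; the module's reported finding corresponds to a non-empty result. Note that the 200 check is what keeps a login redirect or a 401 from an authenticated actuator out of the results.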

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /jolokia
GET /actuator/jolokia
Matching conditions (all must hold)
word (body): "config":{, "agentId":"
word (header): application/json, application/vnd.spring-boot.actuator, application/vnd.spring-boot.actuator.v1+json, text/plain
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability