By kannthu
The "Exposed Spring Data REST Application-Level Profile Semantics (ALPS)" module is designed to detect misconfigurations in applications that use Spring Data REST and expose ALPS profiles. ALPS (Application-Level Profile Semantics) is a specification that allows APIs to provide metadata about their resources and operations. This module focuses on identifying instances where ALPS profiles are publicly accessible, potentially exposing sensitive information about the API structure.
This module has a medium severity level, indicating that it can potentially lead to security vulnerabilities if misconfigurations are present.
This module was authored by dwisiswant0.
If the "Exposed Spring Data REST Application-Level Profile Semantics (ALPS)" module detects misconfigurations, it indicates that ALPS profiles are publicly accessible. This can expose sensitive information about the API structure, potentially aiding attackers in understanding the application's functionality and identifying potential vulnerabilities.
The "Exposed Spring Data REST Application-Level Profile Semantics (ALPS)" module works by sending HTTP requests to specific endpoints commonly used for accessing ALPS profiles. It then applies matching conditions to determine if the response indicates the presence of an exposed ALPS profile.
For example, the module sends GET requests to the following paths:
- /profile
- /api/profile
- /alps/profile
The module applies the following matching conditions:
- The response body must contain the words "_links", "/alps/", and "profile".
- The response headers must include the word "application/hal+json".
- The response status code must be 200 (OK).

If all of these conditions are met, the module identifies the presence of an exposed ALPS profile.
Note: The actual JSON definitions of the module are not shown here for simplicity.
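The three matching conditions can be reproduced offline against responses captured from your own services. The following is an added example, not the module's own definition; the `Response` type, the function names and the sample responses are constructed for illustration, and case-sensitive body matching is an assumption.

```python
from dataclasses import dataclass, field

PROBE_PATHS = ("/profile", "/api/profile", "/alps/profile")  # paths listed on the page
BODY_WORDS = ("_links", "/alps/", "profile")                 # all must appear in the body
HEADER_WORD = "application/hal+json"                         # must appear in the headers


@dataclass
class Response:
    """Minimal stand-in for a captured HTTP response (hypothetical type)."""
    path: str
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


def failed_conditions(resp):
    """Return the names of the matching conditions this response does not meet."""
    failed = []
    if resp.status != 200:
        failed.append("status")
    # Header names and media types are case-insensitive, so compare in lower case.
    header_blob = "\n".join(f"{k}: {v}" for k, v in resp.headers.items()).lower()
    if HEADER_WORD not in header_blob:
        failed.append("header")
    # Assumption: body words are matched case-sensitively, and all are required.
    if any(word not in resp.body for word in BODY_WORDS):
        failed.append("body")
    return failed


def is_exposed_alps(resp):
    """True only when status, header and body conditions are all satisfied."""
    return not failed_conditions(resp)


# Constructed sample responses (not real captures).
SAMPLES = [
    Response("/alps/profile", 200, {"Content-Type": "application/hal+json;charset=UTF-8"},
             '{"_links":{"self":{"href":"http://app.example.test/alps/profile"}}}'),
    Response("/profile", 200, {"Content-Type": "text/html"},
             '<a href="/alps/profile">_links</a>'),
    Response("/api/profile", 401, {"Content-Type": "application/hal+json"},
             '{"error":"unauthorized"}'),
    Response("/api/profile", 200, {"Content-Type": "application/hal+json"},
             '{"_links":{"self":{"href":"http://app.example.test/api/profile"}}}'),
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(r.path, r.status, "EXPOSED" if is_exposed_alps(r) else failed_conditions(r))
```

Because all three conditions are combined, an HTML page or an authenticated (401) endpoint that merely mentions the same words is not flagged.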
For more information, you can refer to the reference article by dwisiswant0.