
Spring Boot Actuator - Heap Dump Detection

By kannthu

Critical
Vidoc Module
#springboot #exposure
Description

What is the "Spring Boot Actuator - Heap Dump Detection" module?

The "Spring Boot Actuator - Heap Dump Detection" module detects a misconfiguration in Spring Boot Actuator that can expose sensitive information. Spring Boot Actuator is a feature of the Spring Boot framework that provides endpoints for monitoring and managing the application in production. This module focuses specifically on misconfigurations of the heap dump endpoints.

This module has a severity level of critical, indicating that if a misconfiguration is found, it could have a significant impact on the security of the application.

Impact

If this module detects a misconfiguration, the heap dump endpoint of the Spring Boot Actuator is exposed to unauthorized access. A heap dump is a snapshot of the application's memory, which can include passwords, session data, and other confidential data. An attacker who obtains the heap dump can potentially extract this sensitive information and use it for malicious purposes.

How does the module work?

The "Spring Boot Actuator - Heap Dump Detection" module works by sending HTTP requests to the target application's heap dump endpoints. It then applies matching conditions to determine if a misconfiguration is present.

One of the matching conditions checks the response body for specific binary patterns, written here as hex strings: "4a4156412050524f46494c45", "4850524f46", and "1f8b080000000000". If any of these patterns is found in the response body, it indicates that the heap dump endpoint is exposed.

Another matching condition verifies that the HTTP response status is 200, indicating a successful request. Both matching conditions must be met for the module to detect a misconfiguration.

Here is an example of an HTTP request sent by this module:

GET /heapdump HTTP/1.1
Host: example.com

If a misconfiguration is detected, the module will report it as a vulnerability, allowing the user to take appropriate actions to secure the heap dump endpoint.
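The two matching conditions described above, evaluated offline in Python as an added example (this is not Vidoc's own code). It assumes the binary patterns are matched as substrings anywhere in the body, and it goes one step beyond the module by parsing the HPROF header to confirm a hit; the function names and sample responses are constructed for illustration.

```python
import struct

# Hex patterns quoted in the module description and what each decodes to.
SIGNATURES = {
    "4a4156412050524f46494c45": "ASCII 'JAVA PROFILE' (HPROF header text)",
    "4850524f46": "ASCII 'HPROF'",
    "1f8b080000000000": "gzip header: deflate, no flags, zero mtime",
}


def matched_signatures(body: bytes) -> list:
    """Binary condition: patterns found anywhere in the body (assumed substring match)."""
    return [hx for hx in SIGNATURES if bytes.fromhex(hx) in body]


def module_matches(status: int, body: bytes) -> bool:
    """Both conditions must hold: status 200 AND at least one binary pattern."""
    return status == 200 and bool(matched_signatures(body))


def parse_hprof_header(body: bytes):
    """Triage step (added here, not part of the module): confirm a real HPROF header.

    Layout: NUL-terminated version string, u4 identifier size,
    u8 timestamp in milliseconds, all big-endian.
    """
    if not body.startswith(b"JAVA PROFILE "):
        return None
    end = body.find(b"\x00", 0, 32)
    if end == -1 or len(body) < end + 1 + 12:
        return None
    id_size, ts_ms = struct.unpack_from(">IQ", body, end + 1)
    version = body[:end].decode("ascii", errors="replace")
    return {"version": version, "id_size": id_size, "ts_ms": ts_ms}


# Constructed sample responses (not captured from any real host).
HPROF_BODY = b"JAVA PROFILE 1.0.2\x00" + struct.pack(">IQ", 8, 1700000000000) + b"\x00" * 16
GZIP_BODY = bytes.fromhex("1f8b080000000000") + b"\x00\xff" + b"payload"
LOGIN_PAGE = b"<html><title>Sign in</title></html>"
SAMPLES = [(200, HPROF_BODY), (200, GZIP_BODY), (200, LOGIN_PAGE), (401, HPROF_BODY)]

if __name__ == "__main__":
    for status, body in SAMPLES:
        print(status, module_matches(status, body), matched_signatures(body),
              parse_hprof_header(body))
```

The gzip pattern alone matches any gzip body with a zero timestamp, so a hit on it that does not decompress to an HPROF header should be reviewed by hand before it is treated as a confirmed exposure.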

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /heapdump, /actuator/heapdump
Matching conditions
binary: 4a4156412050524f46494c45, 4850524f46, 1f...
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability