Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Spring Boot Scheduledtasks Actuator Panel - Detect" module is designed to detect the presence of the Spring Boot Scheduledtasks Actuator panel. This module focuses on identifying potential misconfigurations in the Spring Boot application related to scheduled tasks. It is an informative module that provides insights into the configuration of scheduled tasks in the application.
This module has a severity level of informative, which means it provides information about potential misconfigurations but does not indicate the presence of a vulnerability or exploit.
This module does not have any direct impact on the application. It is purely designed to detect and report potential misconfigurations in the Spring Boot Scheduledtasks Actuator panel.
The module works by sending HTTP requests to specific endpoints related to scheduled tasks in the Spring Boot application. It checks for the presence of specific keywords, such as "cron" and "fixedDelay," in the response body. Additionally, it verifies the presence of specific headers, including "application/json," "application/vnd.spring-boot.actuator," "application/vnd.spring-boot.actuator.v1+json," and "application/vnd.spring-boot.actuator.v2+json." The module also ensures that the HTTP response status is 200.
Here is an example of an HTTP request sent by the module:
GET /scheduledtasks HTTP/1.1
Host: example.com
The module matches the response against the defined conditions, including the presence of keywords in the response body and specific headers. If all the conditions are met, the module reports the potential misconfiguration.