Springboot Actuator Caches

By kannthu

Low
Vidoc Module
#misconfig #springboot #exposure
Description

What is the "Springboot Actuator Caches" module?

The "Springboot Actuator Caches" module is designed to detect misconfigurations in Spring Boot applications. It targets the caches endpoint, which provides access to the application's caches. This module has a low severity level.

Impact

This module helps identify potential misconfigurations in the Spring Boot application's caches. If misconfigured, it could lead to performance issues or data inconsistencies.

How does the module work?

The "Springboot Actuator Caches" module sends a GET request to the "/caches" and "/actuator/caches" endpoints. It then applies several matching conditions to determine if a misconfiguration exists:

- The response body must contain the word "cacheManagers".
- The request must have one of the following headers: "application/json", "application/vnd.spring-boot.actuator", "application/vnd.spring-boot.actuator.v1+json", or "application/vnd.spring-boot.actuator.v2+json".
- The response status code must be 200.

If all the matching conditions are met, the module will report a potential misconfiguration in the Spring Boot application's caches.
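
The three conditions above, evaluated offline against constructed responses, as an added example that is not Vidoc's module code. It assumes word conditions are plain substring checks and that the content-type words are tested against the response headers; the Response type and the function name are hypothetical.

```python
from dataclasses import dataclass

# Content types listed in the module description.
CONTENT_TYPE_WORDS = (
    "application/json",
    "application/vnd.spring-boot.actuator",
    "application/vnd.spring-boot.actuator.v1+json",
    "application/vnd.spring-boot.actuator.v2+json",
)

@dataclass
class Response:
    """Hypothetical stand-in for a captured HTTP response."""
    status: int
    headers: dict
    body: str

def failed_conditions(resp):
    """Names of the conditions that did not match; an empty list means 'report'."""
    failed = []
    if "cacheManagers" not in resp.body:
        failed.append("word:cacheManagers")
    # Assumption: header words are substring-matched against the response headers.
    header_text = "\n".join(f"{k}: {v}" for k, v in resp.headers.items())
    if not any(word in header_text for word in CONTENT_TYPE_WORDS):
        failed.append("word:content-type")
    if resp.status != 200:
        failed.append("status:200")
    return failed

# Constructed samples, not captured from any real system.
EXPOSED = Response(200, {"Content-Type": "application/vnd.spring-boot.actuator.v3+json"},
    '{"cacheManagers":{"cacheManager":{"caches":{"cities":{"target":"java.util.concurrent.ConcurrentHashMap"}}}}}')
# Catch-all HTML page that merely mentions the word: right status, wrong content type.
HTML_PAGE = Response(200, {"Content-Type": "text/html"}, "<p>see cacheManagers docs</p>")
# Endpoint behind authentication: JSON error body, no cache data.
PROTECTED = Response(401, {"Content-Type": "application/json"}, '{"error":"Unauthorized"}')

if __name__ == "__main__":
    for name, resp in (("exposed", EXPOSED), ("html", HTML_PAGE), ("protected", PROTECTED)):
        failed = failed_conditions(resp)
        print(name, "-> report" if not failed else f"-> no match, failed: {failed}")
```

The v3+json sample is not in the listed content types; under the substring assumption it still matches because the unversioned "application/vnd.spring-boot.actuator" word is contained in it.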

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET
/caches
/actuator/caches
Matching conditions
word: cacheManagers
and
word: application/json, application/vnd.spring...
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability