Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Springboot Actuator Caches" module is designed to detect misconfigurations in Spring Boot applications. It targets the caches endpoint, which provides access to the application's caches. This module has a low severity level.
This module helps identify potential misconfigurations in the Spring Boot application's caches. If misconfigured, it could lead to performance issues or data inconsistencies.
The "Springboot Actuator Caches" module sends a GET request to the "/caches" and "/actuator/caches" endpoints. It then applies several matching conditions to determine if a misconfiguration exists:
- The response body must contain the word "cacheManagers". - The request must have one of the following headers: "application/json", "application/vnd.spring-boot.actuator", "application/vnd.spring-boot.actuator.v1+json", or "application/vnd.spring-boot.actuator.v2+json". - The response status code must be 200.If all the matching conditions are met, the module will report a potential misconfiguration in the Spring Boot application's caches.