|
|
|||
| Rule General Information |
|---|
| Release Date: | 2022-08-02 | |
| Rule Name: | Springboot Actuator Command Injection Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Actuator is Springboot's function module for introspection and monitoring of an application. With Actuator, developers can easily view, count, and other aspects of an application's monitoring. In the case of Actuator enabled, when POST request /Actuator/ENV interfaces and set a number of properties, attacker can casuse command injection. | |
| Impact: | An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |