| Rule General Information | |
|---|---|
| Release Date: | 2025-01-07 |
| Rule Name: | Spring Boot Actuator heapdump API Unauthorized Access vulnerability |
| Severity: | |
| CVE ID: | |

| Rule Protection Details | |
|---|---|
| Description: | Spring Boot Actuator is a module provided by Spring Boot for introspecting and monitoring an application. With Actuator, developers can easily view and collect statistics for the application's monitoring indicators. Without proper access control, unauthorized users can access the default Actuator endpoints and obtain the monitoring information they expose. |
| Impact: | An attacker could exploit this vulnerability to cause unspecified effects. |
| Affected OS: | Windows, Linux, Others |
| Reference: | |

| Solutions |
|---|
| Please contact the software vendor for an updated software patch. |