Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Spring Boot Misconfiguration: Spring Boot Actuator shutdown endpoint is web exposed - Vulnerability Database

Spring Boot Misconfiguration: Spring Boot Actuator shutdown endpoint is web exposed

Description

This Spring web application is configured with the Spring Boot Shutdown Actuator enabled. This Actuator endpoint allows authenticated users to shut down the application.

Remediation

It's recommended to disable the Spring Boot Shutdown Actuator unless there is a good reason to have this feature enabled. This can be done using the following configuration: <pre> endpoints.shutdown.enabled=false </pre>

References

Part V. Spring Boot Actuator: Production-ready features

Related Vulnerabilities

GraphQL Array-based Query Batching Allowed: Potential Batching Attack Vulnerability Medium
Common tags: Configuration Denial Of Service
Apache Tomcat version older than 7.0.23 High
Common tags: Configuration Denial Of Service
Node.js Web Application does not handle unhandledRejection Medium
Common tags: Configuration Denial Of Service
Node.js Web Application does not handle uncaughtException Medium
Common tags: Configuration Denial Of Service
Web Cache Poisoning via Host Header High
Common tags: Configuration Denial Of Service

Severity

Low

Classification

CWE-16
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration
Denial Of Service