Spring Boot Actuator Endpoint Detected

Severity: Medium

Invicti detected a Spring Boot Actuator endpoint.


Actuator endpoints allow you to monitor and interact with your Spring application. Spring Boot includes a number of built-in endpoints, and you can also add your own. For example, the health endpoint provides basic application health information. The following endpoints are available:

  • /autoconfig - Displays an auto-configuration report showing all auto-configuration candidates and the reason why they 'were' or 'were not' applied.

  • /beans - Displays a complete list of all the Spring beans in your application.

  • /configprops - Displays a collated list of all @ConfigurationProperties.

  • /dump - Performs a thread dump.

  • /env - Exposes properties from Spring's ConfigurableEnvironment.

  • /health - Shows application health information (a simple 'status' when accessed over an unauthenticated connection or full message details when authenticated).

  • /info - Displays arbitrary application info.

  • /metrics - Shows 'metrics' information for the current application.

  • /mappings - Displays a collated list of all @RequestMapping paths.

  • /shutdown - Allows the application to be gracefully shut down (not enabled by default).

  • /trace - Displays trace information (by default the last few HTTP requests).


In production, it is recommended to disable access to these endpoints.
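
One way to check the recommendation above against an application's properties file, as an added example rather than Invicti's or Spring's own code. It assumes the Spring Boot 1.x property names `endpoints.enabled`, `endpoints.<id>.enabled` and `management.security.enabled`, which are not mentioned on this page; the sample configurations are constructed.

```python
import re

# Endpoint ids as listed above; property names assume Spring Boot 1.x.
ENDPOINTS = ["autoconfig", "beans", "configprops", "dump", "env", "health",
             "info", "metrics", "mappings", "shutdown", "trace"]

def parse_properties(text):
    """Parse key=value or key:value lines, skipping blanks and comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
        if len(parts) == 2:
            props[parts[0]] = parts[1]
    return props

def as_bool(value, default):
    return default if value is None else value.strip().lower() == "true"

def enabled_endpoints(props):
    """Return the listed endpoints that this configuration leaves enabled."""
    global_on = as_bool(props.get("endpoints.enabled"), True)
    enabled = []
    for name in ENDPOINTS:
        # shutdown is off unless enabled explicitly; others follow the global switch
        default = False if name == "shutdown" else global_on
        if as_bool(props.get(f"endpoints.{name}.enabled"), default):
            enabled.append(name)
    return enabled

def audit(text, allowed=()):
    """List findings; `allowed` names endpoints the reviewer accepts as enabled."""
    props = parse_properties(text)
    findings = [f"/{n} is enabled" for n in enabled_endpoints(props)
                if n not in allowed]
    if not as_bool(props.get("management.security.enabled"), True):
        findings.append("management.security.enabled=false")
    return findings

# Constructed sample configurations, not taken from any real application.
WEAK = "endpoints.shutdown.enabled=true\nmanagement.security.enabled=false\n"
HARDENED = "endpoints.enabled=false\n"

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(cfg) or "no findings")
```

The audit reads only the properties text it is given, so values supplied through environment variables, command-line arguments or profile-specific files need to be checked separately.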

