Summary #

Invicti detected that the web application is running with spring-boot-devtools enabled. Spring Boot includes an additional set of tools that can make the application development experience a little more pleasant. The spring-boot-devtools module can be included in any project to provide additional development-time features.

Impact #

Enabling spring-boot-devtools on a remote application is a security risk. You should never enable support on a production deployment.

Actions To Take #

It's recommended to disable spring-boot-devtools. This can be done by removing the spring-boot-devtools dependency from your build automation tool configuration file.

Classifications #
CWE-16; OWASP 2013-A5; OWASP 2017-A6 , CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Vulnerability Index

Vulnerability Index

You can search and find all vulnerabilities

OR

Search Vulnerability

Netsparker

Dead accurate, fast & easy-to-use Web Application Security Scanner

Get a demo