Spring Boot Misconfiguration: Spring Boot Actuator shutdown endpoint is web exposed
Severity:
Medium
Summary
Invicti detected that the web application is configured with the Spring Boot Shutdown Actuator enabled. This Actuator endpoint allows authenticated users to shut down the application.
Impact
An authenticated user can use the Spring Boot Shutdown Actuator to shut down the application.
Remediation
Required Skills for Successful Exploitation
Actions To Take
It's recommended to disable the Spring Boot Shutdown Actuator unless there is a good reason to have this feature enabled. This can be done using the following configuration:
endpoints.shutdown.enabled=false
Classifications
Vulnerability Index
You can search and find all vulnerabilities
Select Category
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Featured resources
Build your resistance to threats. And save hundreds of hours each month.
