Details
Alert ID: 40042
Alert Type: Active
Status: release
Risk: Medium
CWE: 215
WASC: 13
Technologies Targeted: Language / Java, Language / Java / Spring
Tags: CWE-215, OWASP_2017_A05, OWASP_2021_A01, POLICY_API, POLICY_QA_FULL, WSTG-V42-CONF-05
More Info: Scan Rule Help

Summary

The Spring Actuator health endpoint is enabled and may reveal sensitive information about this application. Spring Actuators are legitimately used for monitoring, but they should be configured with care so as not to expose too much information about the application or the infrastructure running it.

Solution

Disable the health actuator and other actuators, or restrict them to administrative users.
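One way to apply the second half of that solution in a Spring Boot application, as an added example that is not part of the ZAP scan rule or the Spring project: a Spring Security configuration that puts every actuator endpoint behind a role check. It assumes Spring Boot 3.x with spring-boot-starter-actuator and spring-boot-starter-security on the classpath; the package name, class name and the ADMIN role are choices made here for illustration.

```java
// Added example (not from the ZAP alert page or the Spring project).
// Assumes Spring Boot 3.x with spring-boot-starter-actuator and
// spring-boot-starter-security present; package, class and the
// "ADMIN" role name are illustrative choices, not project values.
package com.example.actuatorhardening;

import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class ActuatorSecurityConfig {

    // EndpointRequest.toAnyEndpoint() matches every actuator endpoint that is
    // exposed over HTTP (health, env, beans, mappings, ...), regardless of the
    // base path, so new endpoints enabled later are covered automatically.
    // Only authenticated users holding ROLE_ADMIN may reach them; all other
    // requests to the application still require authentication.
    @Bean
    SecurityFilterChain actuatorFilterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                .requestMatchers(EndpointRequest.toAnyEndpoint()).hasRole("ADMIN")
                .anyRequest().authenticated())
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }
}
```

Pair this with the exposure settings in application.properties: `management.endpoints.web.exposure.include=health` limits what is reachable over HTTP to the health endpoint alone, and `management.endpoint.health.show-details=never` (or `when-authorized`) keeps component details such as datasource and disk information out of the response. If a load balancer must probe health without credentials, permit only that endpoint with `EndpointRequest.to("health")` and keep show-details at `never`, rather than opening all endpoints. To confirm the change, an unauthenticated request to the health URL should now return 401 instead of a 200 with a JSON body, which is also the condition this scan rule would no longer flag.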

Code

org/zaproxy/zap/extension/ascanrules/SpringActuatorScanRule.java