Summary
Acunetix 360 detected the Spring Boot Actuator Endpoint.
Impact
Actuator endpoints allow you to monitor and interact with your Spring application. Spring Boot includes a number of built-in endpoints, and you can also add your own. For example, the health endpoint provides basic application health information. The following endpoints are available:
- /autoconfig - Displays an auto-configuration report showing all auto-configuration candidates and the reason why they 'were' or 'were not' applied.
- /beans - Displays a complete list of all the Spring beans in your application.
- /configprops - Displays a collated list of all @ConfigurationProperties.
- /dump - Performs a thread dump.
- /env - Exposes properties from Spring's ConfigurableEnvironment.
- /health - Shows application health information (a simple 'status' when accessed over an unauthenticated connection, or full message details when authenticated).
- /info - Displays arbitrary application info.
- /metrics - Shows 'metrics' information for the current application.
- /mappings - Displays a collated list of all @RequestMapping paths.
- /shutdown - Allows the application to be gracefully shut down (not enabled by default).
- /trace - Displays trace information (by default, the last few HTTP requests).
Remediation
In production, it is recommended to disable access to these endpoints.
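One way to apply this recommendation, as an added example that is not part of the Acunetix finding text: an application.properties fragment that disables the actuator endpoints wholesale, re-enables only health and info, keeps the shutdown hook off, and moves what remains to a loopback-only management port behind authentication. The endpoint paths listed above (/autoconfig, /dump, /trace) are the Spring Boot 1.x set, so the first section uses the 1.x property names; the second section gives the equivalent keys for Spring Boot 2.x, where the same endpoints live under /actuator. The management port 8081 and the context path /manage are values chosen for this example, not settings from the page.

```properties
# Added example (not from the Acunetix page): hardened actuator settings.
# Pick the section that matches the Spring Boot line in use.

# ----- Spring Boot 1.x -----
# Turn every endpoint off first, then allow-list the ones operations needs.
endpoints.enabled=false
endpoints.health.enabled=true
endpoints.info.enabled=true
# Treat health as sensitive: anonymous callers see only the bare status,
# full details require an authenticated ACTUATOR user.
endpoints.health.sensitive=true
# The remote shutdown hook must stay disabled.
endpoints.shutdown.enabled=false
# Require Spring Security authentication for sensitive endpoints.
management.security.enabled=true
# Serve the remaining endpoints on a separate port bound to loopback
# (example values), so the public listener never exposes them.
management.port=8081
management.address=127.0.0.1
management.context-path=/manage

# ----- Spring Boot 2.x equivalent -----
# Only health and info are exposed over HTTP; everything else is hidden.
management.endpoints.web.exposure.include=health,info
management.endpoint.shutdown.enabled=false
# Health details only for authorized callers, bare status for everyone else.
management.endpoint.health.show-details=when-authorized
# Same loopback-only management listener as above (example values).
management.server.port=8081
management.server.address=127.0.0.1
```

After deploying, verify from outside the host that a request to the public port for any actuator path (for example /env or /actuator/env) is refused, and that the management port is not reachable from the network; the finding above is generated precisely because those paths answered on the public listener. If a reverse proxy fronts the application, it should also never forward the management path, since the allow-list above limits what exists but not who may reach it.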