Security Test: Springboot Actuator Restart Misconfiguration¶
Description¶
Default Severity:
The vulnerability happens when developers leave the Actuator restart endpoint exposed without proper security controls. An attacker can trigger an application restart, which might open the door to other attacks—causing downtime or revealing internal details of how the app is configured and managed. Often, this misconfiguration occurs when sensitive endpoints are enabled in production, usually to help with debugging during development, but then not locked down when the app goes live. The impact can be severe, leading not only to disruption of services but also to further exploitation by attackers who gather more insights about the system.
Configuration¶
Identifier:
configuration/springboot_actuator_restart
Examples¶
All configuration available:
Compliance and Standards¶
| Standard | Value |
|---|---|
| OWASP API Top 10 | API8:2023 |
| OWASP LLM Top 10 | LLM06:2023 |
| PCI DSS | 6.5.10 |
| GDPR | Article-32 |
| SOC2 | CC6 |
| PSD2 | Article-95 |
| ISO 27001 | A.12.6 |
| NIST | SP800-123 |
| FedRAMP | SI-2 |
| CWE | 284 |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| CVSS Score | 7.5 |