Skip to content

Configuration: Springboot Actuator Restart Misconfiguration

Identifier: springboot_actuator_restart

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner ASM Scanner

Description

Spring Boot Actuator restart endpoint exposure allows attackers to remotely restart the application, potentially causing downtime or revealing internal configuration details.

How we test: We attempt to access Spring Boot Actuator restart endpoints and analyze responses to detect if the application can be remotely restarted. We check if restart endpoints are accessible and if they allow unauthenticated or unauthorized restart operations.

Configuration

Example

Example configuration:

---
security_tests:
  springboot_actuator_restart:
    skip: false

Reference

skip

Type : boolean

Skip the test if true.