Skip to content

Configuration: Springboot Actuator Shutdown Misconfiguration

Identifier: springboot_actuator_shutdown

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner ASM Scanner

Description

Spring Boot Actuator shutdown endpoint exposure allows attackers to remotely shut down the application, causing denial of service if the endpoint is left accessible in production environments.

How we test: We attempt to access Spring Boot Actuator shutdown endpoints and analyze responses to detect if the application can be remotely shut down. We check if shutdown endpoints are accessible and if they allow unauthenticated or unauthorized shutdown operations.

Configuration

Example

Example configuration:

---
security_tests:
  springboot_actuator_shutdown:
    skip: false

Reference

skip

Type : boolean

Skip the test if true.