nuclei-templates/http/misconfiguration/springboot/springboot-heapdump.yaml

id: springboot-heapdump

info:
  name: Spring Boot Actuator - Heap Dump Detection
  author: that_juan_,dwisiswant0,wdahlenb
  severity: critical
  description: |
    A Spring Boot Actuator heap dump was detected. A heap dump is a snapshot of JVM memory, which could expose environment variables and HTTP requests.
  reference:
    - https://github.com/pyn3rd/Spring-Boot-Vulnerability
  metadata:
    max-request: 3
  tags: springboot,exposure,misconfig
variables:
  str: "{{rand_base(6)}}"

http:
  - raw:
      - |
        GET /{{str}} HTTP/1.1
        Host: {{Hostname}}
      - |
        GET /heapdump HTTP/1.1
        Host: {{Hostname}}
      - |
        GET /actuator/heapdump HTTP/1.1
        Host: {{Hostname}}

    max-size: 2097152 # 2MB - Max Size to read from server response

    matchers-condition: or
    matchers:
      - type: dsl
        dsl:
          - "!contains(hex_encode(body_1), '1f8b080000000000')"
          - "contains(hex_encode(body_2), '1f8b080000000000')"
        condition: and

      - type: dsl
        dsl:
          - "!contains(hex_encode(body_1), '1f8b080000000000')"
          - "contains(hex_encode(body_3), '1f8b080000000000')"
        condition: and

      - type: dsl
        dsl:
          - "contains(hex_encode(body_2), '4a4156412050524f46494c45') || contains(hex_encode(body_2), '4850524f46')"
          - "contains(hex_encode(body_3), '4a4156412050524f46494c45') || contains(hex_encode(body_3), '4850524f46')"
        condition: or

# digest: 4b0a0048304602210090329c9d05188b4f4a2a1be77fcdce53e8950ab5ab7fcf6cbcf8cb529b3853e2022100dfb3edfe1402c4a3413780785a2083bbe03fb7df08cbc7d2755eaf45dd049a8e:922c64590222798bb761d5b6d8e72950
renaming few templates 2021-01-28 17:43:50 +00:00			`id: springboot-heapdump`
Split springboot-detect into individual templates with appropriate severities and matchers 2021-01-12 03:54:18 +00:00
			`info:`
Dashboard Content Enhancements (#4456) Dashboard Content Enhancements 2022-05-20 21:38:52 +00:00			`name: Spring Boot Actuator - Heap Dump Detection`
Updated author names 2021-06-09 12:20:56 +00:00			`author: that_juan_,dwisiswant0,wdahlenb`
Split springboot-detect into individual templates with appropriate severities and matchers 2021-01-12 03:54:18 +00:00			`severity: critical`
updated matcher 2023-06-06 05:17:44 +00:00			`description: \|`
			`A Spring Boot Actuator heap dump was detected. A heap dump is a snapshot of JVM memory, which could expose environment variables and HTTP requests.`
Dashboard Content Enhancements (#4456) Dashboard Content Enhancements 2022-05-20 21:38:52 +00:00			`reference:`
			`- https://github.com/pyn3rd/Spring-Boot-Vulnerability`
Added max request counter of each template 2023-04-28 08:11:21 +00:00			`metadata:`
Update springboot-heapdump.yaml 2023-05-29 16:38:21 +00:00			`max-request: 3`
merge branch main into patch/tag-standardization 2023-06-30 21:56:15 +00:00			`tags: springboot,exposure,misconfig`
Update springboot-heapdump.yaml 2023-05-29 16:38:21 +00:00			`variables:`
			`str: "{{rand_base(6)}}"`
Split springboot-detect into individual templates with appropriate severities and matchers 2021-01-12 03:54:18 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Update springboot-heapdump.yaml 2023-05-29 16:38:21 +00:00			`- raw:`
			`- \|`
			`GET /{{str}} HTTP/1.1`
			`Host: {{Hostname}}`
			`- \|`
			`GET /heapdump HTTP/1.1`
			`Host: {{Hostname}}`
			`- \|`
			`GET /actuator/heapdump HTTP/1.1`
			`Host: {{Hostname}}`
Adding "max-size" to avoid timeout error due to response size 2021-05-14 13:52:08 +00:00
			`max-size: 2097152 # 2MB - Max Size to read from server response`
templateman update 2023-10-14 11:27:55 +00:00
Update springboot-heapdump.yaml 2023-05-30 01:03:13 +00:00			`matchers-condition: or`
Split springboot-detect into individual templates with appropriate severities and matchers 2021-01-12 03:54:18 +00:00			`matchers:`
Update springboot-heapdump.yaml 2023-05-29 16:38:21 +00:00			`- type: dsl`
			`dsl:`
Update springboot-heapdump.yaml 2023-05-30 01:03:13 +00:00			`- "!contains(hex_encode(body_1), '1f8b080000000000')"`
			`- "contains(hex_encode(body_2), '1f8b080000000000')"`
fix indentation err 2023-06-06 05:24:25 +00:00			`condition: and`
minor update 2021-08-06 15:32:50 +00:00
Update springboot-heapdump.yaml 2023-05-30 01:03:13 +00:00			`- type: dsl`
			`dsl:`
			`- "!contains(hex_encode(body_1), '1f8b080000000000')"`
			`- "contains(hex_encode(body_3), '1f8b080000000000')"`
fix indentation err 2023-06-06 05:24:25 +00:00			`condition: and`
fixed matcher 2023-05-29 07:13:15 +00:00
Update springboot-heapdump.yaml 2023-05-29 16:38:21 +00:00			`- type: dsl`
			`dsl:`
updated matcher 2023-06-06 05:17:44 +00:00			`- "contains(hex_encode(body_2), '4a4156412050524f46494c45') \|\| contains(hex_encode(body_2), '4850524f46')"`
			`- "contains(hex_encode(body_3), '4a4156412050524f46494c45') \|\| contains(hex_encode(body_3), '4850524f46')"`
fix indentation err 2023-06-06 05:24:25 +00:00			`condition: or`
TemplateMan Update [Fri Oct 20 11:41:12 UTC 2023] :robot: 2023-10-20 11:41:13 +00:00
			`# digest: 4b0a0048304602210090329c9d05188b4f4a2a1be77fcdce53e8950ab5ab7fcf6cbcf8cb529b3853e2022100dfb3edfe1402c4a3413780785a2083bbe03fb7df08cbc7d2755eaf45dd049a8e:922c64590222798bb761d5b6d8e72950`