nuclei-templates/misconfiguration/springboot/springboot-heapdump.yaml

id: springboot-heapdump

info:
  name: Spring Boot Actuator - Heap Dump Detection
  author: that_juan_,dwisiswant0,wdahlenb
  severity: critical
  description: A Spring Boot Actuator heap dump was detected. A heap dump is a snapshot of JVM memory, which could expose environment variables and HTTP requests.
  reference:
    - https://github.com/pyn3rd/Spring-Boot-Vulnerability
  tags: springboot,exposure

requests:
  - method: GET
    path:
      - "{{BaseURL}}/heapdump"
      - "{{BaseURL}}/actuator/heapdump"

    stop-at-first-match: true
    max-size: 2097152 # 2MB - Max Size to read from server response
    matchers-condition: and
    matchers:

      - type: binary
        part: body
        binary:
          - "4a4156412050524f46494c45" # "JAVA PROFILE"
          - "4850524f46" # "HPROF"
          - "1f8b080000000000" # Gunzip magic byte
        condition: or

      - type: status
        status:
          - 200

# Enhanced by mp on 2022/05/20
renaming few templates 2021-01-28 17:43:50 +00:00			`id: springboot-heapdump`
Split springboot-detect into individual templates with appropriate severities and matchers 2021-01-12 03:54:18 +00:00
			`info:`
Dashboard Content Enhancements (#4456) Dashboard Content Enhancements 2022-05-20 21:38:52 +00:00			`name: Spring Boot Actuator - Heap Dump Detection`
Updated author names 2021-06-09 12:20:56 +00:00			`author: that_juan_,dwisiswant0,wdahlenb`
Split springboot-detect into individual templates with appropriate severities and matchers 2021-01-12 03:54:18 +00:00			`severity: critical`
Dashboard Content Enhancements (#4456) Dashboard Content Enhancements 2022-05-20 21:38:52 +00:00			`description: A Spring Boot Actuator heap dump was detected. A heap dump is a snapshot of JVM memory, which could expose environment variables and HTTP requests.`
			`reference:`
			`- https://github.com/pyn3rd/Spring-Boot-Vulnerability`
minor update 2021-08-06 15:32:50 +00:00			`tags: springboot,exposure`
Split springboot-detect into individual templates with appropriate severities and matchers 2021-01-12 03:54:18 +00:00
			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/heapdump"`
			`- "{{BaseURL}}/actuator/heapdump"`
Adding "max-size" to avoid timeout error due to response size 2021-05-14 13:52:08 +00:00
Update springboot-heapdump.yaml 2022-07-28 08:35:45 +00:00			`stop-at-first-match: true`
Adding "max-size" to avoid timeout error due to response size 2021-05-14 13:52:08 +00:00			`max-size: 2097152 # 2MB - Max Size to read from server response`
Split springboot-detect into individual templates with appropriate severities and matchers 2021-01-12 03:54:18 +00:00			`matchers-condition: and`
			`matchers:`
minor update 2021-08-06 15:32:50 +00:00
Split springboot-detect into individual templates with appropriate severities and matchers 2021-01-12 03:54:18 +00:00			`- type: binary`
			`part: body`
			`binary:`
			`- "4a4156412050524f46494c45" # "JAVA PROFILE"`
			`- "4850524f46" # "HPROF"`
			`- "1f8b080000000000" # Gunzip magic byte`
			`condition: or`
Adding "max-size" to avoid timeout error due to response size 2021-05-14 13:52:08 +00:00
Split springboot-detect into individual templates with appropriate severities and matchers 2021-01-12 03:54:18 +00:00			`- type: status`
			`status:`
			`- 200`
Dashboard Content Enhancements (#4456) Dashboard Content Enhancements 2022-05-20 21:38:52 +00:00
			`# Enhanced by mp on 2022/05/20`