2021-01-28 17:43:50 +00:00
id : springboot-heapdump
2021-01-12 03:54:18 +00:00
info :
2022-05-20 21:38:52 +00:00
name : Spring Boot Actuator - Heap Dump Detection
2021-06-09 12:20:56 +00:00
author : that_juan_,dwisiswant0,wdahlenb
2021-01-12 03:54:18 +00:00
severity : critical
2022-05-20 21:38:52 +00:00
description : A Spring Boot Actuator heap dump was detected. A heap dump is a snapshot of JVM memory, which could expose environment variables and HTTP requests.
reference :
- https://github.com/pyn3rd/Spring-Boot-Vulnerability
2021-08-06 15:32:50 +00:00
tags : springboot,exposure
2021-01-12 03:54:18 +00:00
requests :
- method : GET
path :
- "{{BaseURL}}/heapdump"
- "{{BaseURL}}/actuator/heapdump"
2021-05-14 13:52:08 +00:00
max-size : 2097152 # 2MB - Max Size to read from server response
2021-01-12 03:54:18 +00:00
matchers-condition : and
matchers :
2021-08-06 15:32:50 +00:00
2021-01-12 03:54:18 +00:00
- type : binary
part : body
binary :
- "4a4156412050524f46494c45" # "JAVA PROFILE"
- "4850524f46" # "HPROF"
- "1f8b080000000000" # Gunzip magic byte
condition : or
2021-05-14 13:52:08 +00:00
2021-01-12 03:54:18 +00:00
- type : status
status :
- 200
2022-05-20 21:38:52 +00:00
# Enhanced by mp on 2022/05/20