id: springboot-gateway info: name: Detect Spring Gateway Actuator author: wdahlenb severity: medium description: Sensitive environment variables may not be masked reference: - https://wya.pl/2021/12/20/bring-your-own-ssrf-the-gateway-actuator/ tags: springboot,exposure,misconfig metadata: max-request: 2 http: - method: GET path: - "{{BaseURL}}/gateway/routes" - "{{BaseURL}}/actuator/gateway/routes" stop-at-first-match: true matchers-condition: and matchers: - type: word part: body words: - "predicate" - "route_id" condition: and - type: word part: header words: - "application/json" - type: status status: - 200