Details
Alert Id 40042
Alert Type Active
Status alpha
Risk Medium
CWE 215
WASC 13
Tags OWASP_2017_A05, OWASP_2021_A01, WSTG-V42-CONF-05

Summary

Spring Actuator for Health is enabled and may reveal sensitive information about this application. Spring Actuators have legitimate monitoring uses, but should be used with caution so as not to expose too much information about the application or the infrastructure running it.

Solution

Disable the Health Actuators and other actuators, or restrict them to administrative users.
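
An added example, not part of the ZAP alert text or the scan rule's code: an `application.properties` file applying the solution above, with the weak settings shown commented out beside two hardened alternatives. The property names are those of Spring Boot 2.x/3.x; the role name `ADMIN` and the port `9001` are assumptions.

```properties
# --- Weak (shown for comparison, keep commented out) -------------------
# Exposes every actuator over HTTP and returns full health details
# (component names, disk paths, database vendor, ...) to any caller.
# management.endpoints.web.exposure.include=*
# management.endpoint.health.show-details=always

# --- Option 1: disable HTTP exposure of all actuators ------------------
# "exclude" takes precedence over "include", so nothing is served over HTTP.
# management.endpoints.web.exposure.exclude=*

# --- Option 2: keep health, restrict what it reveals and who can reach it
# Expose only the health endpoint over HTTP.
management.endpoints.web.exposure.include=health

# Return only the aggregate status to anonymous callers. Details and
# components are shown only to authenticated users holding one of the
# listed roles (requires Spring Security on the classpath).
management.endpoint.health.show-details=when-authorized
management.endpoint.health.show-components=when-authorized
# Assumption: the application's administrative role is named ADMIN.
management.endpoint.health.roles=ADMIN

# Serve management endpoints on their own port, bound to loopback, so they
# are not reachable through the public listener. The address setting only
# takes effect when the management port differs from the main server port.
# Assumption: 9001 is free and monitoring runs on the same host.
management.server.port=9001
management.server.address=127.0.0.1
```

Option 2 limits the detail in the health response and the network path to it; requiring an administrative login for the endpoint itself is done in the application's Spring Security configuration.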

References

Code

org/zaproxy/zap/extension/ascanrulesAlpha/SpringActuatorScanRule.java