
Insecure Functionality Exposed in Java

Spring Boot

Spring Boot provides actuator endpoints (served under /actuator by default) for monitoring and managing a running application. By default only the health endpoint is exposed over HTTP, but if the application is configured to expose all actuators (for example with management.endpoints.web.exposure.include=*) and they are not protected by authentication, an unauthenticated remote user can download a full JVM heap dump from the heapdump endpoint, read configuration and environment variables (including database credentials) from the env endpoint, and read recent requests with their headers and cookies from the HTTP trace endpoint. Session identifiers and credentials recovered from these responses allow the attacker to impersonate a logged-in user.
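As an added example (not from the original page), the following Spring Boot application.properties fragment places the weak actuator exposure beside a hardened configuration. The property names are Spring Boot's own; the management port and bind address are assumptions chosen for illustration.

```properties
# Added example, not part of the original page: Spring Boot application.properties
# showing weak actuator exposure beside a hardened configuration.
# Property names are Spring Boot's own; port and bind address are assumptions.
# Note: .properties files do not support trailing comments, so every comment
# is on its own line, and a key listed twice takes its LAST value.

# ---------- WEAK ----------
# Exposes every actuator endpoint over HTTP on the application port.
# /actuator/heapdump  : full JVM heap, including session IDs and secrets in memory
# /actuator/env       : environment variables and config, e.g. datasource passwords
# /actuator/httptrace : recent requests with headers and cookies (httpexchanges in Boot 3)
management.endpoints.web.exposure.include=*

# ---------- HARDENED (these later keys override the weak line above) ----------
# Expose only what monitoring needs; health is Spring Boot's default, info is a common addition.
management.endpoints.web.exposure.include=health,info
# Belt and braces: keep the most sensitive endpoints off the wire even if include= is widened later.
management.endpoints.web.exposure.exclude=heapdump,env,threaddump,httptrace,httpexchanges
# Disable them outright as well, so no exposure change can bring them back.
management.endpoint.heapdump.enabled=false
management.endpoint.env.enabled=false
# Serve actuators on a separate management port bound to loopback, not the user-facing port.
# Assumption: 8081 is free on the host and monitoring runs locally or via a sidecar.
management.server.port=8081
management.server.address=127.0.0.1
# Do not reveal component details in /actuator/health to unauthenticated callers.
management.endpoint.health.show-details=when-authorized
```

Exposure settings only control which endpoints exist on the wire; if Spring Security is on the classpath, additionally require an operator role for all management endpoints (Spring Boot's EndpointRequest.toAnyEndpoint() matcher exists for exactly this) so that a reachable endpoint is still not an anonymous one.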

H2

An application using an embedded or in-memory H2 DBMS (for example one bundled with COTS software, or a Spring Boot application with spring.h2.console.enabled=true) may expose the H2 web console (typically at /h2-console) to end users. The console accepts a user-supplied JDBC URL and credentials, and embedded databases are frequently left with the default sa user and an empty password, so a remote attacker who can reach the console can run arbitrary SQL and read or modify the data stored in the database. If the console is also started with the webAllowOthers setting (or the -webAllowOthers command-line flag), it accepts connections from hosts other than localhost rather than only from the machine running the application.
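As an added example (not from the original page), the fragment below shows the weak and hardened H2 console settings for both ways the console is usually configured: Spring Boot's application.properties, and H2's own .h2.server.properties file used when the console is started outside Spring (for example by a bundled COTS product). The property names are real; the console path, port and profile name are assumptions.

```properties
# Added example, not part of the original page: H2 console settings.
# Section 1 is a Spring Boot application.properties; section 2 is H2's own
# .h2.server.properties (read from the user's home directory by the standalone console).
# Property names are real; path, port and profile name are assumptions.
# Later keys override earlier ones, so each section as a whole is the hardened form.

# ===== 1. Spring Boot application.properties =====
# WEAK: console enabled and reachable from other hosts. Anyone on the network can
# open the browser UI, supply a JDBC URL, and run arbitrary SQL against the database.
spring.h2.console.enabled=true
spring.h2.console.settings.web-allow-others=true
spring.h2.console.path=/h2-console

# HARDENED: the console is a development tool and has no place in a shipped build.
spring.h2.console.enabled=false
spring.h2.console.settings.web-allow-others=false
# If developers need it, enable it only in a dev profile file such as
# application-dev.properties (assumed name), still with web-allow-others=false.
# Also replace Spring Boot's embedded-H2 default of user "sa" with an empty password:
spring.datasource.username=app
# Assumption: the real password is injected from the environment, never committed.
spring.datasource.password=${APP_DB_PASSWORD}

# ===== 2. Standalone H2 console: ~/.h2.server.properties =====
# WEAK: equivalent to starting it with
#   java -cp h2-*.jar org.h2.tools.Server -web -webAllowOthers
webAllowOthers=true
webPort=8082

# HARDENED: only connections from localhost are accepted; reach it over SSH
# port forwarding if remote administration is genuinely required.
webAllowOthers=false
webPort=8082
```

A quick check before release: with the application running, a request to the console path (for example GET /h2-console/ on the application port) should return 404 or a redirect to the application's login page, not the H2 login form; and a connection attempt from a different host to the standalone console port should be refused.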

References

OWASP Top 10 - Security Misconfiguration
MITRE - CWE-749: Exposed Dangerous Method or Function