Summary

Acunetix 360 detected that the web application is configured with the Spring Boot Shutdown Actuator enabled. This Actuator endpoint allows authenticated users to shut down the application.

Impact

An authenticated user can use the Spring Boot Shutdown Actuator to shut down the application.

Actions To Take

Disable the Spring Boot Shutdown Actuator unless there is a good reason to keep this feature enabled. This can be done using the following configuration:

endpoints.shutdown.enabled=false
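
The following check is an added example, not part of the original advisory or of Acunetix's tooling: a Python script that reads `.properties` text and reports whether the shutdown endpoint is switched on. Besides the `endpoints.shutdown.enabled` key shown above, it also looks for `management.endpoint.shutdown.enabled`, the Spring Boot 2.x name for the same setting, which does not appear on this page; the function names and sample inputs are constructed for illustration.

```python
"""Audit Spring Boot .properties text for an enabled shutdown actuator."""
import re

# Keys that switch the shutdown endpoint on or off.
# endpoints.shutdown.enabled is the key from the advisory (Spring Boot 1.x);
# management.endpoint.shutdown.enabled is the Spring Boot 2.x equivalent.
SHUTDOWN_KEYS = (
    "endpoints.shutdown.enabled",
    "management.endpoint.shutdown.enabled",
)

# A key, then '=', ':' or whitespace as the separator, then the value.
_LINE = re.compile(r"^\s*([^\s=:#!][^\s=:]*)\s*[=:\s]\s*(.*?)\s*$")


def parse_properties(text):
    """Return {key: value}; later assignments override earlier ones."""
    props = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip()[0] in "#!":
            continue  # blank line or comment
        m = _LINE.match(line)
        if m:
            props[m.group(1)] = m.group(2)
    return props


def shutdown_findings(text):
    """List the (key, value) pairs that enable the shutdown endpoint."""
    props = parse_properties(text)
    return [(k, props[k]) for k in SHUTDOWN_KEYS
            if props.get(k, "").lower() == "true"]


# Constructed sample inputs, not taken from any real application.
RISKY = """\
# ops convenience
server.port=8080
endpoints.shutdown.enabled = true
"""
HARDENED = """\
server.port=8080
endpoints.shutdown.enabled=false
management.endpoint.shutdown.enabled: false
"""

if __name__ == "__main__":
    for name, sample in (("RISKY", RISKY), ("HARDENED", HARDENED)):
        print(name, shutdown_findings(sample) or "shutdown endpoint not enabled")
```

This reads `.properties` text only; the same setting can also be supplied through YAML files, environment variables or command-line arguments, which this check does not cover.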

Severity

Medium

Classification

CWE-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N