Config files : DevTools enabled

Classification

OWASP Top 10 2013

A5-Security Misconfiguration

OWASP Top 10 2017

A6-Security Misconfiguration

OWASP Top 10 2021

A5-Security Misconfiguration

CWE

CWE-1031

Overview

The Spring Boot application is configured in developer mode.

The application uses a DevTools instruments that can make the development proccess more comfortable. An attacker can exploit this functionality if DevTools explicity used in a production environment.

In the official Spring Boot documentation stated: “Enabling spring-boot-devtools on a remote application is a security risk. You should never enable support on a production deployment.”

References

Spring Boot Reference Guide
CWE CATEGORY: OWASP Top Ten 2017 Category A5 - Broken Access Control

MEDIUM

Config files : DevTools enabled

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Config files : DevTools enabled in your application?

See also

Config files : Text4Shell Vulnerability

Config files : Incorrect directory deletion

Config files : Code injection