Spring Boot Actuator Sensitive Endpoint Probe for 2026-03-02

Last Updated: 12:16 UTC

Spring Boot Actuator exposes management endpoints. heapdump returns a full JVM heap snapshot containing in-memory secrets. env returns all environment variables. gateway/routes is the RCE precursor for CVE-2022-22947 (Spring Cloud Gateway SPEL injection).

CVE References

CVE-2022-22947

MITRE ATT&CK

Tactic: Discovery (TA0007)
Technique: T1046 — Network Service Scanning

Observed URIs

• /actuator/gateway/routes/3ANAzfOIliu3pnzeIvYqNv45izJ
• /actuator/gateway/refresh
• /actuator/gateway/routes/QDbKzOFv
• /actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationVendor
• /actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationVendor

Attackers by Country

IP Address : ASN : City/Provider

• 198.167.197.162 : AS39287 ab stract : Sweden

• 79.124.40.174 : AS49849 mg 2002 : Bulgaria