ANSSI Reco-Admin §2.3

Ne pas exposer /actuator/env

UnveilScan findings mapped to this control

The scanner emits 1 distinct finding on this control. Click "Scan a domain" below to see which of them currently apply to your site, with copy-paste remediation snippets (nginx, Apache, DNS BIND, web-server config).

web.api.actuator_env ⏱ 30 min

WEB — Api.actuator env

Risk if ignored: Spring Actuator /env dumps the entire application configuration, including DB strings and API keys.

security financial

Also maps to 2 other controls

ISO 27001:2022 A.8.9 — Configuration management
PCI-DSS 4.0 3.3.1 — Sensitive authentication data