Spring: It isn't just about Spring4Shell. Spring Cloud Function Vulnerabilities are being probed too., (Mon, Apr 11th)

Our “First Seen URL” page did show attempts to access /actuator/gateway/routes this weekend. So I dug in a bit deeper to see what these scans are all about. The scans originate from %%ip: and have been going on for a few days already, but our first-seen list doesn’t display them until they hit a threshold to consider the scans significant. We also see scans from a couple of our IPs, but at a much lower level.

Article Link: InfoSec Handlers Diary Blog - SANS Internet Storm Center