Summary
Leak of information in Apache.
Impact
Requesting the URI /server-status gives information about the currently running Apache.
Solution
If you don't use this feature, comment out the appropriate section in your httpd.conf file. If you really need it, limit its access to the administrator's machine.
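The two options in the Solution above can be checked against a configuration file. The following is an added example, not part of the original advisory: a heuristic Python audit that flags any active `<Location>` section enabling the server-status handler without a host restriction. The sample fragments are constructed, 192.0.2.10 is a placeholder for the administrator's machine, and the script assumes the whole configuration is in one string (it does not follow Include directives or merge sections).

```python
import re

# Constructed httpd.conf fragments; 192.0.2.10 stands in for the admin machine.
EXPOSED = """
<Location "/server-status">
    SetHandler server-status
</Location>
"""
RESTRICTED_24 = """
<Location "/server-status">
    SetHandler server-status
    Require ip 192.0.2.10
</Location>
"""
RESTRICTED_22 = """
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 192.0.2.10
</Location>
"""
# Feature unused: the whole section is commented out.
DISABLED = "\n".join("#" + line for line in EXPOSED.strip().splitlines())

BLOCK = re.compile(r'<Location\s+"?([^">\s]+)"?\s*>(.*?)</Location>', re.I | re.S)
HANDLER = re.compile(r'^\s*SetHandler\s+server-status\b', re.I | re.M)
REQUIRE_24 = re.compile(r'^\s*Require\s+(ip|host|local)\b', re.I | re.M)
DENY_ALL_22 = re.compile(r'^\s*Deny\s+from\s+all\b', re.I | re.M)
ALLOW_22 = re.compile(r'^\s*Allow\s+from\s+(?!all\b)\S+', re.I | re.M)

def audit(conf):
    """Return (path, verdict) for every active <Location> that enables server-status."""
    # Commented-out lines are inactive, so drop them before matching.
    active = "\n".join(l for l in conf.splitlines() if not l.lstrip().startswith("#"))
    findings = []
    for path, body in BLOCK.findall(active):
        if not HANDLER.search(body):
            continue
        # Apache 2.4 style (Require ip/host/local) or 2.2 style (Deny all + Allow from host).
        limited = bool(REQUIRE_24.search(body)) or bool(
            DENY_ALL_22.search(body) and ALLOW_22.search(body))
        findings.append((path, "restricted" if limited else "exposed"))
    return findings

if __name__ == "__main__":
    for name in ("EXPOSED", "RESTRICTED_24", "RESTRICTED_22", "DISABLED"):
        print(name, audit(globals()[name]))
```

A verdict of "exposed" means the section needs either commenting out or a host restriction; an empty result means no active section enables the handler.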
Insight
server-status is a built-in Apache HTTP Server handler used to retrieve the server's status report.
Affected
All Apache versions.
Detection
Check whether the /server-status page exists.
Severity
Classification
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Apple Safari Secure Cookie Security Bypass Vulnerability (Windows)
- Adobe Products Unspecified Cross-Site Scripting Vulnerability June-2011 (Windows)
- Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Mac OS X)
- Apple Safari WebKit Information Disclosure Vulnerability (Mac OS X)
- Apache Tomcat AJP Request Remote Denial Of Service Vulnerability