Description

Apache /stronghold-status displays information about your Apache configuration. This URL is enabled when you are using Apache Stronghold. If you are not using this feature, disable it.

Remediation

Disable this functionality if not required.

References

Apache Homepage

Related Vulnerabilities

Weak Nonce Detected in Content Security Policy (CSP) Declaration

WordPress Plugin WP PHP widget Information Disclosure (1.0.2)

WordPress Plugin Debug Log Manager Information Disclosure (2.2.2)

Ruby on Rails Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-6497)

Undertow Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-1745)

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure