Description

The Apache2::Status module provides information about the status of the Perl interpreter embedded in the server. This status page can leak sensitive information that could help an attacker perform more complicated attacks. Please disable /perl-status or restrict it to only a set of IP addresses that really need to use it.

Remediation

Disable this functionality if not required.

References

Apache Homepage

Related Vulnerabilities

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-0195)

SharePoint exposed web services

WordPress Plugin Simple History Information Disclosure (1.0.7)

WordPress Plugin Import all XML, CSV & TXT into WordPress Arbitrary File Disclosure (3.7)

WordPress Plugin wp superb Slideshow Information Disclosure (2.4)

Severity

Medium

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure