Apache server-status enabled
Impact: Medium
Description
Exposing the Apache server-status page allows attackers to gather detailed information about the server’s current state, facilitating potential attacks by revealing active connections, server uptime, and resource usage.
Recommendation
To mitigate this risk, disable the server-status
functionality in the Apache configuration file. Additionally, restrict access to the /server-status
URL using appropriate access controls.
References
👉 You might also like:
Apache server-info enabled - Vulnerability
Apache Version Disclosure - Vulnerability
Nginx Version Disclosure - Vulnerability
Server Version Disclosure - Vulnerability
Last updated on May 13, 2024