Description
Exposing the Apache server-info page allows attackers to gather detailed information about the server configuration, installed modules, and other system-related details, aiding potential attacks.
Recommendation
To mitigate this risk, disable the server-info
functionality in the Apache configuration file. Additionally, restrict access to the /server-info
URL using appropriate access controls.