Apache server-info enabled
Impact: Medium
Description
Sensitive information is exposed on this page. Attackers can use this information to extend their attack.
Recommendation
Disable server-info in the Apache config file. Another mitigation is to limit access to the /server-info URL.
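One way to check a configuration for this exposure, as an added example (not Apache's code and not part of the original page): a small Python audit that flags `<Location>` sections carrying `SetHandler server-info` without a restrictive `Require` rule. It assumes Apache 2.4 `Require` syntax; the sample configurations and the function name `audit_server_info` are constructed for illustration.

```python
import re

# Constructed sample configurations (not from the page), Apache 2.4 syntax.
EXPOSED = """
<Location "/server-info">
    SetHandler server-info
</Location>
"""
RESTRICTED = """
<Location "/server-info">
    SetHandler server-info
    Require local
</Location>
"""
DISABLED = """
#<Location "/server-info">
#    SetHandler server-info
#</Location>
"""

SECTION = re.compile(r"<(Location|LocationMatch)\s+([^>]+)>(.*?)</\1>", re.I | re.S)
HANDLER = re.compile(r"^\s*SetHandler\s+server-info\s*$", re.I | re.M)
REQUIRE = re.compile(r"^\s*Require\s+(.+?)\s*$", re.I | re.M)

def audit_server_info(conf_text):
    """Return (path, problem) for each active server-info handler that is not restricted."""
    # Drop comment lines so a commented-out handler is not reported.
    active = "\n".join(
        line for line in conf_text.splitlines() if not line.lstrip().startswith("#")
    )
    findings = []
    for _tag, path, body in SECTION.findall(active):
        if not HANDLER.search(body):
            continue
        path = path.strip().strip('"')
        rules = [" ".join(r.lower().split()) for r in REQUIRE.findall(body)]
        if not rules:
            # Heuristic: with no Require here, access is inherited from the enclosing context.
            findings.append((path, "no Require directive in section"))
        elif "all granted" in rules:
            findings.append((path, "Require all granted"))
    return findings

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED), ("restricted", RESTRICTED), ("disabled", DISABLED)):
        print(name, audit_server_info(conf) or "ok")
```

The check only reads `<Location>` and `<LocationMatch>` sections in the text it is given, so run it over every included file of the configuration being reviewed.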
References
- Apache Module mod_info
- Apache HTTP Server
- OWASP 2017-A6
- OWASP 2021-A5
- CWE-16
- CWE-200
- OWASP 2007-A6
- OWASP 2021-A1
Last updated on February 15, 2021