Apache server-info enabled

Severity:
Medium

Description

Exposing the Apache server-info page allows attackers to gather detailed information about the server configuration, installed modules, and other system-related details, aiding potential attacks.

Recommendation

To mitigate this risk, disable the server-info functionality in the Apache configuration file. Additionally, restrict access to the /server-info URL using appropriate access controls.
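The two mitigations above, as an added Apache 2.4 configuration example that is not part of the original page. The module path `modules/mod_info.so` and the address `192.0.2.10` are assumptions; use the values from your own installation.

```apache
# --- Exposed state (what this finding reports), shown commented out ---
# mod_info is loaded and the handler is mapped with no access control,
# so any client can read the full configuration dump.
#
#   LoadModule info_module modules/mod_info.so
#   <Location "/server-info">
#       SetHandler server-info
#   </Location>

# --- Mitigation 1: disable server-info entirely ---
# Keep the module unloaded and delete every <Location> block that maps it.
# Unloading matters: while mod_info is loaded, "SetHandler server-info" can
# be used in any configuration file, including .htaccess where
# AllowOverride permits it.
#LoadModule info_module modules/mod_info.so

# --- Mitigation 2: if the page is still needed, restrict who can reach it ---
<IfModule info_module>
    <Location "/server-info">
        SetHandler server-info
        # Allow only requests originating on the server itself.
        Require local
        # Optionally add one administrative workstation
        # (constructed sample address from the documentation range).
        # Require ip 192.0.2.10
    </Location>
</IfModule>
```

After reloading, run `apachectl configtest`, then request `/server-info` from a host outside the allowed set: it should return 404 with the module unloaded, or 403 with the restricted block in place.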

Tags:
Server Misconfiguration
Information Disclosure
Apache
WASC-14
WASC-13
CWE-16
CWE-200
OWASP 2021-A5
OWASP 2017-A6
OWASP 2013-A5
CAPEC-118
Last updated on May 13, 2024