Apache server-status enabled
Impact: Medium
Description
The Apache server-status page is enabled and exposes sensitive information. Attackers can use this information to extend their attack.
Recommendation
Disable server-status in the Apache config file. Another mitigation is to limit access to the /server-status URL.
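Both mitigations as an Apache 2.4 configuration fragment. This is an added example, not configuration taken from the original page; the module path and the 192.0.2.10 monitoring address are assumptions to adapt to your installation.

```apache
# --- Exposed form (what this finding reports), shown commented out ---
# The handler is mapped and any client may read it.
#
# <Location "/server-status">
#     SetHandler server-status
#     Require all granted
# </Location>

# --- Mitigation 1: disable server-status ---
# Remove every <Location> block that sets "SetHandler server-status" and
# stop loading mod_status. The path below is the stock httpd layout and is
# an assumption; distributions may load the module from a separate file.
#
# LoadModule status_module modules/mod_status.so

# --- Mitigation 2: keep it, but limit access to /server-status ---
# Use this only if monitoring needs the page. Do not combine with
# mitigation 1, since the handler requires mod_status to be loaded.
<IfModule mod_status.c>
    # Loading mod_status switches ExtendedStatus to On by default, which
    # adds per-request detail. Turn it off unless monitoring needs it.
    ExtendedStatus Off

    <Location "/server-status">
        SetHandler server-status

        # Several Require lines with no container act as RequireAny:
        # a request is allowed if it matches either line below.
        Require local
        # Constructed example address for a monitoring host (assumption).
        Require ip 192.0.2.10
    </Location>
</IfModule>
```

Validate the change with `apachectl configtest` before reloading, then request /server-status from a host outside the allowed set and confirm it is refused (403 when restricted, 404 when the handler is removed).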
References
- Apache Module mod_status
- Apache HTTP Server
- OWASP 2017-A6
- OWASP 2021-A5
- CWE-16
- CWE-200
- OWASP 2007-A6
- OWASP 2021-A1
Last updated on February 15, 2021