Apache server-status is enabled

Description

Kayran has detected that information about your Apache status is being displayed.

Sensitive information, such as the Apache status, is displayed on this page, resulting in Information Disclosure.
Attackers can use this information to conduct further, more advanced attacks against your assets.

Severity/Score

CVSS Version 3.x – 5.3 Medium

Recommendation

If you do not use this feature, disable it in the Apache configuration file.
You can simply disable “server-status”. Alternatively, you can restrict access to the “/server-status” URL.
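Both options are shown below as an added example that is not part of the original advisory, with the exposed form commented out for comparison. It assumes Apache 2.4 syntax; the module path and the monitoring address 192.0.2.10 are constructed placeholders that vary per installation.

```apache
# Exposed form (what the scanner flags): the handler is mapped with no
# access restriction, so any client can read /server-status.
#<Location "/server-status">
#    SetHandler server-status
#    Require all granted
#</Location>

# Option 1: disable the feature.
# Leave the module unloaded so the server-status handler does not exist.
# (The path is an assumption; distributions place the module differently.)
#LoadModule status_module modules/mod_status.so

# Option 2: keep the feature, but restrict access to the URL.
<IfModule mod_status.c>
    # With extended status off, the page omits per-request details
    # such as client addresses and requested URLs.
    ExtendedStatus Off

    <Location "/server-status">
        SetHandler server-status
        # Multiple Require lines are OR-ed by default: the server itself,
        # or the constructed monitoring host, may read the page.
        Require local
        Require ip 192.0.2.10
    </Location>
</IfModule>
```

Run `apachectl configtest` before reloading, then request `/server-status` from an outside host to confirm it is refused.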

References

https://cwe.mitre.org/data/definitions/200.html

https://kayran.io/blog/blog/information-disclosure-self-revealing-our-secrets/
