Apache server-status is enabled

Description

Kayran has detected that information regarding your Apache status is being displayed.

Sensitive information such as the Apache status is being displayed on this page, causing Information Disclosure.
Attackers can use this information to conduct further, more advanced attacks against your assets.

Recommendation

If this feature is not being used by you, disable it through the Apache config file.
You can simply disable “server-status”. Also, you can restrict access to the “/server-status” URL.

References

https://cwe.mitre.org/data/definitions/200.html

https://kayran.io/blog/blog/information-disclosure-self-revealing-our-secrets/

< Return to all Vulnerabilities

SQLI to RCE

How to preform SQLI TO RCE? One of the most interesting and important things about any site is the database. So, it’s important to protect

Read More »

What is a CWE ?

Similar to the article written on CVEs, in this article we will answer the questions :What is CWE ? and, what is the difference between

Read More »