Apache server-status is enabled

Description

Kayran has detected that information regarding your Apache status is being displayed.

Sensitive information such as the Apache status is being displayed on this page, causing Information Disclosure.
Attackers can use this information to conduct further, more advanced attacks against your assets.

Recommendation

If this feature is not being used by you, disable it through the Apache config file.
You can simply disable “server-status”. Also, you can restrict access to the “/server-status” URL.

References

https://cwe.mitre.org/data/definitions/200.html

https://kayran.io/blog/blog/information-disclosure-self-revealing-our-secrets/

< Return to all Vulnerabilities

APT vs. ATP

In this article we will talk about APT vs. ATP. In other words, Advanced Persistent Threat and Advanced Threat Protection and the context between these

Read More »