Summary

Acunetix 360 detected that Apache server-info is enabled.

Information disclosed from this page can be used to gain further information about the target system.

Impact

An attacker can gather useful information about the internals of the target web server, including:
  • Current server configuration
  • Server version
  • Server build time
  • Server root
  • Server httpd.conf configuration file path
  • Server build parameters
  • Apache modules and module directives
This type of information can help an attacker harvest information on the target in order to further develop the attack surface.

Severity

Medium

Classification

CAPEC-347 CWE-16 ISO27001-A.18.1.3 WASC-14 OWASP 2013-A5 OWASP 2017-A6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C