Summary
Requesting the URI /server-info gives information about your Apache configuration.
Solution
If you don't use this feature, comment the appropriate section in your httpd.conf file. If you really need it, limit its access to the administrator's machine.
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Adobe Reader Plugin Signature Bypass Vulnerability (Linux)
- Asterisk CIDR Notation in Access Rule Remote Security Bypass Vulnerability
- Adobe Flash Player Unspecified Cross-Site Scripting Vulnerability June-2011 (Linux)
- Apple Safari Web Script Execution Vulnerabilites - June09
- Asterisk Missing ACL Check Remote Security Bypass Vulnerability