Summary
Information leak in Apache HTTP Server.
Impact
Requesting the URI /server-status returns information about the currently running Apache server.
Solution
If you don't use this feature, comment out the appropriate section in your httpd.conf file. If you really need it, limit its access to the administrator's machine.
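The two options above, sketched as an httpd.conf fragment. This is an added example, not configuration from the original page; it assumes Apache 2.4 access-control syntax with mod_status loaded, and 192.0.2.10 is a placeholder for the administrator's machine.

```apache
# Exposed form (what the check finds): the handler is mapped with no
# access restriction, so any client can read the status report.
# Shown commented out here, which is also option 1 below.
#<Location "/server-status">
#    SetHandler server-status
#</Location>

# Option 1: the feature is not used.
# Keep the block above commented out. If nothing else relies on
# mod_status, the module itself can be left unloaded as well
# (module path shown is the usual default, adjust to your layout):
#LoadModule status_module modules/mod_status.so

# Option 2: the feature is needed.
# Map the handler, but only answer the administrator's machine.
# All other clients receive 403 Forbidden.
<Location "/server-status">
    SetHandler server-status
    Require ip 192.0.2.10      # placeholder admin address
</Location>

# Apache 2.2 uses the older access-control directives instead of Require:
#<Location "/server-status">
#    SetHandler server-status
#    Order deny,allow
#    Deny from all
#    Allow from 192.0.2.10
#</Location>
```

After editing, validate the file with `apachectl configtest`, reload the server, and confirm that a request for /server-status from any other host is refused.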
Insight
server-status is a built-in Apache HTTP Server handler used to retrieve the server's status report.
Affected
All Apache versions.
Detection
Check whether the /server-status page exists.
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P