Description

Apache /server-info displays information about your Apache configuration. If you are not using this feature, disable it.

Remediation

Disable this functionality if not required. Comment out the <Location /server-info> section from httpd.conf.

References

Apache Homepage

Related Vulnerabilities

Content Security Policy (CSP) Nonce Without Matching Script Block

WordPress Plugin Salon Booking System Multiple Information Disclosure Vulnerabilities (7.6.2)

RethinkDB administrative interface publicly exposed

WordPress 5.5.x Multiple Vulnerabilities (5.5 - 5.5.5)

W3 total cache debug mode

Severity

Medium

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure