Description
Apache /server-status displays information about your Apache status. If you are not using this feature, disable it.
Remediation
Disable this functionality if not required. Comment out the <Location /server-status> section from httpd.conf.
References
Related Vulnerabilities
WebLogic Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-10334)
WordPress 4.7 Multiple Vulnerabilities (4.7)
WordPress Plugin Timetable and Event Schedule by MotoPress Information Disclosure (2.3.19)
WordPress Multiple Vulnerabilities (0.70 - 3.6.1)
WordPress Plugin Credova_Financial Information Disclosure (1.4.8)