Apache /server-info accessible

Published: 2005-11-03 13:08:04

CVSS Base Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Summary:
Requesting the URI /server-info provides a comprehensive overview of the server configuration.

Technical Details:
server-info is an Apache HTTP Server handler provided by the 'mod_info' module and used to retrieve the server's configuration.

Impact:
Requesting the URI /server-info gives an attacker thorough information about the currently running Apache server.

Affected Versions:
All Apache installations with an enabled 'mod_info' module.

Detection Method:
Checks if the /server-info page of Apache is accessible.

Recommendations:
- If this feature is unused, commenting out the appropriate section in the web server's configuration is recommended.
- If this feature is used, restricting access to trusted clients is recommended.
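
A configuration audit that follows the two recommendations above, as an added example (not part of the original advisory and not the scanner's own check). The function name `audit_server_info` and the sample configuration are assumptions made for illustration, and the check is a heuristic that only looks at access directives inside the same `<Location>` block.

```python
import re

# Constructed sample configuration (not from the advisory).
SAMPLE_CONF = """\
LoadModule info_module modules/mod_info.so
<Location "/server-info">
    SetHandler server-info
</Location>
<Location "/private-info">
    SetHandler server-info
    Require ip 192.0.2.0/24
</Location>
#<Location "/old-info">
#    SetHandler server-info
#</Location>
"""

OPEN = re.compile(r'<Location(?:Match)?\s+"?([^">]+)"?\s*>', re.I)
CLOSE = re.compile(r'</Location(?:Match)?\s*>', re.I)
HANDLER = re.compile(r'SetHandler\s+"?server-info"?\s*$', re.I)
# Directives that narrow access: Apache 2.4 "Require ..." other than
# "Require all granted", or the 2.2-style "Deny from ...".
RESTRICT = re.compile(r'Require\s+(?!all\s+granted)\S|Deny\s+from\s', re.I)


def audit_server_info(conf_text):
    """Return [(path, restricted)] for each <Location> mapped to server-info."""
    findings = []
    path, has_handler, restricted = None, False, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out sections are inactive
        opened = OPEN.match(line)
        if opened:
            path, has_handler, restricted = opened.group(1), False, False
        elif CLOSE.match(line):
            if path is not None and has_handler:
                findings.append((path, restricted))
            path = None
        elif path is not None and HANDLER.match(line):
            has_handler = True
        elif path is not None and RESTRICT.match(line):
            restricted = True
    return findings


if __name__ == "__main__":
    for location, restricted in audit_server_info(SAMPLE_CONF):
        print(location, "restricted" if restricted else "OPEN TO ALL CLIENTS")
```

Restrictions inherited from an enclosing scope, included files, or nested `<RequireAll>`/`<RequireAny>` containers are not evaluated, so a location reported as unrestricted should be confirmed against the full effective configuration.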

Detection Type:
Remote Banner

Solution Type:
Workaround

References:

https://httpd.apache.org/docs/current/mod/mod_info.html

Severity:
Medium

CVSS Score:
5.0
