Apache server-info enabled

Impact: Medium

Description

Exposing the Apache server-info page allows attackers to gather detailed information about the server configuration, installed modules, and other system-related details, aiding potential attacks.

Recommendation

To mitigate this risk, disable the server-info functionality in the Apache configuration file. Additionally, restrict access to the /server-info URL using appropriate access controls.

References

Apache HTTP Server
Apache Module mod_info
CWE-16
CWE-200
OWASP 2021-A5
OWASP: Information Leakage

👉 You might also like:

Apache server-status enabled - Vulnerability

Apache Version Disclosure - Vulnerability

Nginx Version Disclosure - Vulnerability

Server Version Disclosure - Vulnerability

Last updated on May 13, 2024

Apache server-info enabled

Description

Recommendation

References

Use SmartScanner Free version to test for this issue