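# Detects an Apache mod_status page (/server-status) that is refused to an
# ordinary request but served once the request carries client-address headers
# claiming 127.0.0.1. A hit means some layer in front of the page makes its
# access decision from headers the client controls.
id: apache-server-status-localhost

info:
  name: Server Status Disclosure
  author: pdteam,geeknik,NaN-kl
  severity: low
  description: |
    Apache Server Status page is exposed, which may contain information about pages visited by the users, their IPs or sensitive information such as session tokens.
  remediation: |
    Restrict the server-status handler to the real peer address of the connection (for example "Require local" or "Require ip" with an admin range), or disable mod_status where it is not needed.
    Accept forwarded-address headers only from known proxy addresses (mod_remoteip RemoteIPInternalProxy / RemoteIPTrustedProxy) and have the edge proxy strip or overwrite them on inbound requests.
  metadata:
    max-request: 2
  tags: apache,debug,misconfig,vuln

# Request 2 is sent only when request 1 matched, so a status page that is
# already readable without the extra headers is not reported by this template.
flow: http(1) && http(2)

http:
  # Request 1: baseline without extra headers. It must be denied or hidden
  # (401/403/404) for the comparison in request 2 to mean anything.
  - method: GET
    path:
      - "{{BaseURL}}/server-status"

    matchers:
      - type: status
        status:
          - 403
          - 404
          - 401
        condition: or
        # Internal matcher: gates the flow, is not itself a reported finding.
        internal: true

  # Request 2: same path, with every header below set to the loopback address.
  # All headers are sent together, so a match does not identify which one was
  # honoured; triage needs the proxy and Apache access configuration.
  - method: GET
    path:
      - "{{BaseURL}}/server-status"

    headers:
      Forwarded: "127.0.0.1"
      X-Client-IP: "127.0.0.1"
      X-Forwarded-By: "127.0.0.1"
      X-Forwarded-For: "127.0.0.1"
      X-Forwarded-For-IP: "127.0.0.1"
      X-Forwarded-Host: "127.0.0.1"
      X-Host: "127.0.0.1"
      X-Originating-IP: "127.0.0.1"
      X-Remote-Addr: "127.0.0.1"
      X-Remote-IP: "127.0.0.1"
      X-True-IP: "127.0.0.1"

    # Both strings must appear in the response. There is no status-code
    # matcher here, so the verdict rests on the body content alone.
    matchers:
      - type: word
        words:
          - "Apache Server Status"
          - "Server Version"
        condition: and
# NOTE(review): the digest below was produced for the template as published;
# presumably any edit to the body requires re-signing - confirm with the signer.
# digest: 4a0a00473045022100a9f527e16363569985a535290a6696fb4c577e9e5160a424dd1abdc645fb41880220197c428da9ef4d89a9090c88db88e50a9c15ed61d5759ff037fd1addcf917d53:922c64590222798bb761d5b6d8e72950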