# Detects an Apache status page (/server-status) that is refused to an
# ordinary request but served once the request carries client-IP headers
# claiming 127.0.0.1. A hit suggests the access rule trusts
# client-supplied forwarding headers instead of the real peer address.
#
# Mitigation: restrict the status handler by connection address (for
# example `Require local`), and have the front-end proxy strip or
# overwrite these headers; with mod_remoteip, list only real proxies as
# trusted.
id: apache-server-status-localhost

info:
  name: Server Status Disclosure
  author: pdteam,geeknik,NaN-kl
  severity: low
  description: |
    Apache Server Status page is exposed, which may contain information about pages visited by the users, their IPs or sensitive information such as session tokens.
  metadata:
    max-request: 2
  tags: apache,debug,misconfig

# Request 2 is only evaluated when request 1 has matched.
flow: http(1) && http(2)

http:
  # Request 1 (baseline): plain GET, expected to be denied or absent.
  - method: GET
    path:
      - '{{BaseURL}}/server-status'

    matchers:
      # Internal matcher: gates the flow, not reported as a finding itself.
      - type: status
        condition: or
        internal: true
        status: [403, 404, 401]

  # Request 2: same path, with every header below set to loopback.
  - method: GET
    path:
      - '{{BaseURL}}/server-status'
    headers:
      Forwarded: '127.0.0.1'
      X-Client-IP: '127.0.0.1'
      X-Forwarded-By: '127.0.0.1'
      X-Forwarded-For: '127.0.0.1'
      X-Forwarded-For-IP: '127.0.0.1'
      X-Forwarded-Host: '127.0.0.1'
      X-Host: '127.0.0.1'
      X-Originating-IP: '127.0.0.1'
      X-Remote-Addr: '127.0.0.1'
      X-Remote-IP: '127.0.0.1'
      X-True-IP: '127.0.0.1'

    matchers:
      # Both strings must appear in the response for a match.
      - type: word
        condition: and
        words:
          - 'Apache Server Status'
          - 'Server Version'
# NOTE(review): the digest below was presumably computed over the upstream
# template text; re-sign after any edit before relying on signature checks.
# digest: 4a0a0047304502206b954b01f9125fb0876efbd6e4bb87596ba7fad1ffe52eec9d72491635b1494d022100d4d3cbbd27d8a564dbe702508b3b69c94fbfdadd2f6a94dd59e1cb0339990104:922c64590222798bb761d5b6d8e72950