id: apache-server-status-localhost

info:
  name: Server Status Disclosure
  author: pdteam,geeknik,NaN-kl
  severity: low
  description: |
    Apache Server Status page is exposed, which may contain information about pages visited by the users, their IPs or sensitive information such as session tokens.
  metadata:
    max-request: 2
  tags: apache,debug,misconfig

flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}/server-status"

    matchers:
      - type: status
        status:
          - 403
          - 404
          - 401
        condition: or
        internal: true

  - method: GET
    path:
      - "{{BaseURL}}/server-status"

    headers:
      Forwarded: 127.0.0.1
      X-Client-IP: 127.0.0.1
      X-Forwarded-By: 127.0.0.1
      X-Forwarded-For: 127.0.0.1
      X-Forwarded-For-IP: 127.0.0.1
      X-Forwarded-Host: 127.0.0.1
      X-Host: 127.0.0.1
      X-Originating-IP: 127.0.0.1
      X-Remote-Addr: 127.0.0.1
      X-Remote-IP: 127.0.0.1
      X-True-IP: 127.0.0.1

    matchers:
      - type: word
        words:
          - "Apache Server Status"
          - "Server Version"
        condition: and
# digest: 4a0a0047304502206b954b01f9125fb0876efbd6e4bb87596ba7fad1ffe52eec9d72491635b1494d022100d4d3cbbd27d8a564dbe702508b3b69c94fbfdadd2f6a94dd59e1cb0339990104:922c64590222798bb761d5b6d8e72950