id: apache-server-status-localhost

info:
  name: Server Status Disclosure
  author: pdteam,geeknik,NaN-kl
  severity: low
  description: |
    Apache Server Status page is exposed, which may contain information about pages visited by the users, their IPs or sensitive information such as session tokens.
  metadata:
    max-request: 2
  tags: apache,debug,misconfig,vuln

flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}/server-status"

    matchers:
      - type: status
        status:
          - 403
          - 404
          - 401
        condition: or
        internal: true

  - method: GET
    path:
      - "{{BaseURL}}/server-status"

    headers:
      Forwarded: 127.0.0.1
      X-Client-IP: 127.0.0.1
      X-Forwarded-By: 127.0.0.1
      X-Forwarded-For: 127.0.0.1
      X-Forwarded-For-IP: 127.0.0.1
      X-Forwarded-Host: 127.0.0.1
      X-Host: 127.0.0.1
      X-Originating-IP: 127.0.0.1
      X-Remote-Addr: 127.0.0.1
      X-Remote-IP: 127.0.0.1
      X-True-IP: 127.0.0.1

    matchers:
      - type: word
        words:
          - "Apache Server Status"
          - "Server Version"
        condition: and
# digest: 4a0a00473045022100a9f527e16363569985a535290a6696fb4c577e9e5160a424dd1abdc645fb41880220197c428da9ef4d89a9090c88db88e50a9c15ed61d5759ff037fd1addcf917d53:922c64590222798bb761d5b6d8e72950