Apache mod_negotiation filename bruteforcing vulnerability Scanner
Apache contains a mod_negotiation filename bruteforcing vulnerability.
Short Info
Level
Low
Type
Single Scan
Can be used by
Asset Owner
Estimated Time
5 sec
Scan only one
Url
Parent Category
Apache mod_negotiation filename bruteforcing vulnerability Scanner Detail
mod_negotiation is an Apache module responsible for selecting the document that best matches the clients capabilities, from one of several available documents. If the client provides an invalid Accept header, the server will respond with a 406 Not Acceptable error containing a pseudo directory listing. This behaviour can help an attacker to learn more about his target, for example, generate a list of base names, generate a list of interesting extensions, look for backup files and so on.
Try it yourself,
control security posture
control security posture