Online Apache Server Status Disclosure Scanner

Stay Up To Date
Asset Type


Need Membership


Asset Verify


API Support


Estimate Time (Second)


Online Apache Server Status Disclosure Scanner Detail

It is possible to obtain an overview of the remote Apache web server's activity and performance by requesting the URL '/server-status'.

The Apache webserver module mod_status provides information on an Apache server's activity and performance. The module uses a publicly accessible webpage located at /server-status to provide real-time traffic logs in addition to host information including CPU usage, current HTTP requests, client IP addresses, requested paths, and processed virtual hosts. Such information could give a potential attacker information to aid further attacks and could disclose sensitive traffic information. No authentication is required to exploit this information disclosure vulnerability.

Some Advice for Common Problems

If required, update Apache's configuration file(s) to either disable mod_status or ensure that access is limited to valid users / hosts.

Need a Full Assessment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service