Online Apache Server Status Disclosure Scanner

Details
Stay Up To Date
Asset Type

DOMAIN,IP,URL

Need Membership

Yes

Asset Verify

Yes

API Support

Yes

Estimate Time (Second)

5

Online Apache Server Status Disclosure Scanner Detail

It is possible to obtain an overview of the remote Apache web server's activity and performance by requesting the URL '/server-status'.

The Apache webserver module mod_status provides information on an Apache server's activity and performance. The module uses a publicly accessible webpage located at /server-status to provide real-time traffic logs in addition to host information including CPU usage, current HTTP requests, client IP addresses, requested paths, and processed virtual hosts. Such information could give a potential attacker information to aid further attacks and could disclose sensitive traffic information. No authentication is required to exploit this information disclosure vulnerability.

Some Advice for Common Problems

If required, update Apache's configuration file(s) to either disable mod_status or ensure that access is limited to valid users / hosts.

Community Discussions

Need a Full Assesment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service