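# Nuclei template: checks whether `/server-status` is refused to a plain
# request but returned when the request carries headers that claim a
# loopback (127.0.0.1) origin.
#
# NOTE(review): the `# digest:` line at the end of this file is the template
# signature. Any edit above it (comments included) presumably invalidates it
# and needs a re-sign before signed-template verification passes. Confirm
# against the signing workflow in use.
id: apache-server-status-localhost

info:
  name: Server Status Disclosure
  author: pdteam,geeknik,NaN-kl
  severity: low
  description: |
    Apache Server Status page is exposed, which may contain information about pages visited by the users, their IPs or sensitive information such as session tokens.
  metadata:
    # Two requests are sent per target (http(1), then http(2)).
    max-request: 2
  tags: apache,debug,misconfig

# http(2) is evaluated only when http(1) matched, i.e. when the plain request
# was answered with 403, 404 or 401.
flow: http(1) && http(2)

http:
  # Request 1: baseline request without extra headers.
  - method: GET
    path:
      - "{{BaseURL}}/server-status"

    matchers:
      # `internal: true` keeps this matcher as a gate for `flow` and out of
      # the reported results.
      - type: status
        status:
          - 403
          - 404
          - 401
        condition: or
        internal: true

  # Request 2: same path, with client-supplied address headers set to loopback.
  # A hit suggests the access rule or a fronting proxy trusts one of these
  # headers instead of the real peer address.
  # Defensive follow-up: restrict the status handler by the connection's
  # actual source (e.g. `Require local` / `Require ip`), accept forwarding
  # headers only from named trusted proxies, and strip them at the edge.
  - method: GET
    path:
      - "{{BaseURL}}/server-status"

    headers:
      Forwarded: 127.0.0.1
      X-Client-IP: 127.0.0.1
      X-Forwarded-By: 127.0.0.1
      X-Forwarded-For: 127.0.0.1
      X-Forwarded-For-IP: 127.0.0.1
      X-Forwarded-Host: 127.0.0.1
      X-Host: 127.0.0.1
      X-Originating-IP: 127.0.0.1
      X-Remote-Addr: 127.0.0.1
      X-Remote-IP: 127.0.0.1
      X-True-IP: 127.0.0.1

    matchers:
      # Both strings must appear in the response.
      # NOTE(review): there is no status-code matcher here, so an error page
      # that echoes both strings would also match. Consider pairing this with
      # a `status: 200` matcher if false positives show up.
      - type: word
        words:
          - "Apache Server Status"
          - "Server Version"
        condition: and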
# digest: 490a004630440220214c8dd0248d477eb1c3ec246de7bbc8d86f0f451e94ccda36dbf4d68dba3f9a02203aa635a6fc63cd19f76bd66a62a2a80b2d34a6c30c44ea0d7a1994ee72c2c8c2:922c64590222798bb761d5b6d8e72950