nuclei-templates/http/misconfiguration/apache/apache-server-status.yaml

35 lines
1.3 KiB
YAML
Raw Normal View History

2024-01-05 08:19:03 +00:00
id: apache-server-status
info:
2024-01-10 12:23:57 +00:00
name: Apache Server Status Disclosure
2024-01-10 06:59:23 +00:00
author: thabisocn
severity: low
description: |
Apache /server-status displays information about your Apache status. If you are not using this feature, disable it.
2024-01-10 06:59:23 +00:00
reference:
- https://www.exploit-db.com/ghdb/5548
- https://www.invicti.com/web-vulnerability-scanner/vulnerabilities/apache-server-status-detected/
- https://www.acunetix.com/vulnerabilities/web/apache-server-status-detected/
2024-01-05 08:19:03 +00:00
metadata:
verified: true
max-request: 2
2024-01-19 05:41:43 +00:00
google-query:
2024-01-06 19:04:03 +00:00
- site:*/server-status intext:"Apache server status for"
- site:*/server-info intext:"Apache server Information"
2024-01-10 12:23:57 +00:00
tags: misconfig,exposure,apache,debug
2024-01-05 08:19:03 +00:00
http:
- method: GET
path:
2024-01-06 19:04:03 +00:00
- "{{BaseURL}}/server-info"
2024-01-10 06:59:23 +00:00
- "{{BaseURL}}/server-status"
2024-01-06 19:04:03 +00:00
2024-01-05 08:19:03 +00:00
stop-at-first-match: true
matchers:
2024-01-10 12:23:57 +00:00
- type: dsl
dsl:
- 'contains_any(body, "Apache Server Status", "Apache Server Information")'
- 'contains(body, "Server Version")'
- 'status_code == 200'
condition: and
# digest: 4a0a0047304502202c204b1ab03012bee088dbc4fdbcdaec24ca49525806cc35865188ce133c5d9f022100f7178b966df87e164582a8419c7447ab2cb8e102cfd7b87dff03cb066bfebb75:922c64590222798bb761d5b6d8e72950