diff --git a/http/misconfiguration/apache/apache-server-status-localhost.yaml b/http/misconfiguration/apache/apache-server-status-localhost.yaml index 707347d9d9..5b26072d0e 100644 --- a/http/misconfiguration/apache/apache-server-status-localhost.yaml +++ b/http/misconfiguration/apache/apache-server-status-localhost.yaml @@ -1,19 +1,19 @@ +--- id: apache-server-status-localhost - info: name: Server Status Disclosure author: pdteam,geeknik,NaN-kl severity: low - description: Apache Server Status page is exposed, which may contain information about pages visited by the users, their IPs or sensitive information such as session tokens. + description: Apache Server Status page is exposed, which may contain information + about pages visited by the users, their IPs or sensitive information such as + session tokens. metadata: max-request: 2 tags: apache,debug,misconfig - http: - method: GET path: - "{{BaseURL}}/server-status" - headers: {} matchers: - type: status status: 
@@ -21,25 +21,22 @@ http: - 404 - method: GET headers: - Forwarded: "127.0.0.1" - X-Client-IP: "127.0.0.1" - X-Forwarded-By: "127.0.0.1" - X-Forwarded-For: "127.0.0.1" - X-Forwarded-For-IP: "127.0.0.1" - X-Forwarded-Host: "127.0.0.1" - X-Host: "127.0.0.1" - X-Originating-IP: "127.0.0.1" - X-Remote-Addr: "127.0.0.1" - X-Remote-IP: "127.0.0.1" - X-True-IP: "127.0.0.1" + Forwarded: 127.0.0.1 + X-Client-IP: 127.0.0.1 + X-Forwarded-By: 127.0.0.1 + X-Forwarded-For: 127.0.0.1 + X-Forwarded-For-IP: 127.0.0.1 + X-Forwarded-Host: 127.0.0.1 + X-Host: 127.0.0.1 + X-Originating-IP: 127.0.0.1 + X-Remote-Addr: 127.0.0.1 + X-Remote-IP: 127.0.0.1 + X-True-IP: 127.0.0.1 path: - "{{BaseURL}}/server-status" matchers: - type: word words: - - "Apache Server Status" - - "Server Version" - condition: and - - -# digest: 4a0a00473045022100978e79f5293059d77d7f12996faeb5e7327979bbdc03480dfaa632ce3692895002201fd20b313ef4e49782dca03918a3d53e057bdec80e366451c875c462b9992e8d:922c64590222798bb761d5b6d8e72950 + - Apache Server Status + - Server Version + condition: and \ No newline at end of file
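Review bot: The trailing `# digest:` comment is deleted at the end of this hunk and nothing replaces it, so the template is left without what appears to be its signature line, the value a consumer would use to confirm the file came from the maintainers unmodified. Any content edit invalidates the old digest anyway, so the file should go back through the project's signing step before merge rather than ship unsigned. The new side also ends with `\ No newline at end of file`; add a single newline after `condition: and`. Unquoting `127.0.0.1` and the matcher words is cosmetic, since they still load as strings. The request block this hunk edits starts above the hunk.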