id: webalizer-statistics info: name: Webalizer Statistics Information Disclosure author: 0x_Akoko severity: low description: | The remote host is running the Webalizer Report generator. Webalizer parses web logs and gives a potential attacker information regarding hosts that have accessed the server, resources accessed, total statistics for the Web server, version of Web server, and more. remediation: Use ACLs to protect the Webalizer report. reference: - https://www.rapid7.com/db/vulnerabilities/spider-webalizer-stats-disclosure - https://www.tenable.com/plugins/nnm/2506 metadata: max-request: 2 verified: true shodan-query: html:"Generated by The Webalizer" tags: webalizer,logs,statistics,tenable http: - method: GET path: - '{{BaseURL}}' - '{{BaseURL}}/stats/index.html' stop-at-first-match: true matchers-condition: and matchers: - type: word part: body words: - 'Generated by The Webalizer' - 'Usage Statistics' condition: and - type: status status: - 200