id: apache-server-status-localhost

info:
  name: Server Status Disclosure
  author: pdteam,geeknik,NaN-kl
  severity: low
  description: |
    Apache Server Status page is exposed, which may contain information about pages visited by the users, their IPs or sensitive information such as session tokens.
  metadata:
    max-request: 2
  tags: apache,debug,misconfig

flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}/server-status"

    matchers:
      - type: status
        status:
          - 403
          - 404
          - 401
        condition: or
        internal: true

  - method: GET
    path:
      - "{{BaseURL}}/server-status"

    headers:
      Forwarded: 127.0.0.1
      X-Client-IP: 127.0.0.1
      X-Forwarded-By: 127.0.0.1
      X-Forwarded-For: 127.0.0.1
      X-Forwarded-For-IP: 127.0.0.1
      X-Forwarded-Host: 127.0.0.1
      X-Host: 127.0.0.1
      X-Originating-IP: 127.0.0.1
      X-Remote-Addr: 127.0.0.1
      X-Remote-IP: 127.0.0.1
      X-True-IP: 127.0.0.1

    matchers:
      - type: word
        words:
          - "Apache Server Status"
          - "Server Version"
        condition: and
# digest: 490a004630440220214c8dd0248d477eb1c3ec246de7bbc8d86f0f451e94ccda36dbf4d68dba3f9a02203aa635a6fc63cd19f76bd66a62a2a80b2d34a6c30c44ea0d7a1994ee72c2c8c2:922c64590222798bb761d5b6d8e72950