Server Status Disclosure
ID: apache-server-status-localhost
Severity: low
Author: pdteam,geeknik,NaN-kl
Tags: apache,debug,misconfig
Description
Section titled “Description”Apache Server Status page is exposed, which may contain information about pages visited by the users, their IPs or sensitive information such as session tokens.
YAML Source
Section titled “YAML Source”id: apache-server-status-localhost
info: name: Server Status Disclosure author: pdteam,geeknik,NaN-kl severity: low description: | Apache Server Status page is exposed, which may contain information about pages visited by the users, their IPs or sensitive information such as session tokens. metadata: max-request: 2 tags: apache,debug,misconfig
flow: http(1) && http(2)
http: - method: GET path: - "{{BaseURL}}/server-status"
matchers: - type: status status: - 403 - 404 - 401 condition: or internal: true
- method: GET path: - "{{BaseURL}}/server-status"
headers: Forwarded: 127.0.0.1 X-Client-IP: 127.0.0.1 X-Forwarded-By: 127.0.0.1 X-Forwarded-For: 127.0.0.1 X-Forwarded-For-IP: 127.0.0.1 X-Forwarded-Host: 127.0.0.1 X-Host: 127.0.0.1 X-Originating-IP: 127.0.0.1 X-Remote-Addr: 127.0.0.1 X-Remote-IP: 127.0.0.1 X-True-IP: 127.0.0.1
matchers: - type: word words: - "Apache Server Status" - "Server Version" condition: and# digest: 4a0a0047304502206b954b01f9125fb0876efbd6e4bb87596ba7fad1ffe52eec9d72491635b1494d022100d4d3cbbd27d8a564dbe702508b3b69c94fbfdadd2f6a94dd59e1cb0339990104:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/misconfiguration/apache/apache-server-status-localhost.yaml"