By kannthu
The "Apache Filename Enumeration" module is designed to detect a misconfiguration in Apache servers. It targets instances where the server responds with a 406 Not Acceptable error containing a pseudo directory listing when an invalid Accept header is provided. This module has a low severity level.
If the Apache server is misconfigured, it may expose sensitive information about the server's directory structure. This can aid attackers in identifying targets and vulnerabilities.
The "Apache Filename Enumeration" module works by sending a GET request to the "/index" path with a fake Accept header. It then checks the server's response for specific matching conditions. The matching conditions include checking for a 406 status code and the presence of certain words such as "Not Acceptable", "Available variants:", and "Apache Server at". If these conditions are met, the module flags the server as potentially misconfigured.
Example HTTP request:
GET /index
Accept: fake/value
The module's matching conditions:
- Status code: 406
- Words: "Not Acceptable", "Available variants:", "Apache Server at"
If all the matching conditions are satisfied, the module will report a potential misconfiguration in the Apache server.
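The matching conditions above, written as an offline check for auditing responses from your own servers (an added example, not Vidoc's module code). The sample responses are constructed, and the function names and the <li><a href> layout of the variant list are assumptions.

```python
import re

# Words the module looks for in the response body (taken from the page).
REQUIRED_WORDS = ("Not Acceptable", "Available variants:", "Apache Server at")

def matches_module(status: int, body: str) -> bool:
    """All conditions must hold: status 406 and every required word present."""
    return status == 406 and all(word in body for word in REQUIRED_WORDS)

def exposed_variants(body: str) -> list[str]:
    """Filenames listed after 'Available variants:'.
    Assumes each variant is an <li><a href="..."> entry, as in the sample."""
    _, found, tail = body.partition("Available variants:")
    return re.findall(r'<li><a href="([^"]+)">', tail) if found else []

def audit(status: int, body: str) -> dict:
    """Verdict for one response, plus the filenames it disclosed if flagged."""
    flagged = matches_module(status, body)
    return {"flagged": flagged, "variants": exposed_variants(body) if flagged else []}

# Constructed sample responses (not captured from a real server).
LEAKY_406 = """<html><head><title>406 Not Acceptable</title></head><body>
<h1>Not Acceptable</h1>
<p>An appropriate representation of the requested resource could not be found on this server.</p>
Available variants:
<ul>
<li><a href="index.html">index.html</a> , type text/html</li>
<li><a href="index.php.bak">index.php.bak</a> , type application/x-trash</li>
</ul>
<hr>
<address>Apache Server at app.example.test Port 443</address>
</body></html>"""
# A 406 without the variant list or Apache signature must not be flagged.
OTHER_406 = "<html><body><h1>406 Not Acceptable</h1></body></html>"
# An Apache error page with a different status must not be flagged either.
PLAIN_404 = ("<html><body><h1>Not Found</h1>"
             "<address>Apache Server at app.example.test Port 443</address></body></html>")

if __name__ == "__main__":
    for name, status, body in (("leaky 406", 406, LEAKY_406),
                               ("other 406", 406, OTHER_406),
                               ("plain 404", 404, PLAIN_404)):
        print(name, audit(status, body))
```

The variants list in a flagged response is the inventory of what the server disclosed, so it doubles as the list of files to review or remove.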