Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Apache mod_perl Status Page Exposure

By kannthu

Medium
Vidoc logoVidoc Module
#config#exposure#apache#status
Description

What is the "Apache mod_perl Status Page Exposure?"

The "Apache mod_perl Status Page Exposure" module is designed to detect a misconfiguration in the Apache mod_perl server software. Mod_perl is an Apache module that embeds the Perl interpreter into the web server, allowing for enhanced performance and flexibility in handling dynamic content. This module specifically targets the mod_perl status page, which can potentially expose sensitive information about the server and its configuration.

This module has a medium severity level, indicating that while it may not pose an immediate threat, it should still be addressed to prevent potential security risks.

Author: pdteam

Impact

If the Apache mod_perl status page is exposed, it can provide valuable information to attackers, such as the version of Perl being used and potentially other sensitive server details. This information can be used to identify vulnerabilities or weaknesses in the server configuration, which could be exploited to gain unauthorized access or launch further attacks.

How the module works?

The module works by sending a GET request to the "/perl-status" path on the target server. It then looks for specific content in the response to determine if the mod_perl status page is exposed.

The matching condition for this module checks if the response contains the following words: "<title>Apache2::Status" and "Perl version". If both words are found, it indicates that the mod_perl status page is present and potentially exposed.

By detecting this misconfiguration, the module helps identify instances where the mod_perl status page is accessible to unauthorized users, allowing administrators to take appropriate action to secure the server.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/perl-status
Matching conditions
word: <title>Apache2::Status, Perl version
Passive global matcher
No matching conditions.
On match action
Report vulnerability