Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Nginx Vhost Traffic Status

By kannthu

Low
Vidoc logoVidoc Module
#status#nginx#misconfig
Description

What is the "Nginx Vhost Traffic Status" module?

The "Nginx Vhost Traffic Status" module is a test case designed to detect misconfigurations in Nginx web servers. It targets the Nginx Vhost Traffic Status feature and checks for any potential vulnerabilities. This module has a low severity level and was created by an unknown author.

Impact

The module aims to identify misconfigurations in the Nginx Vhost Traffic Status feature. If misconfigurations are found, it could potentially lead to security vulnerabilities, allowing unauthorized access or manipulation of server traffic statistics.

How the module works?

The module works by sending a GET request to the "/status" path of the targeted Nginx web server. It then applies matching conditions to determine if the server is misconfigured. The matching conditions include checking for specific words like "Nginx Vhost Traffic Status," "Host," and "Zone" in the response. Additionally, it verifies that the response status is 200.

Here is an example of the HTTP request sent by the module:

GET /status

If all matching conditions are met, the module will report a potential misconfiguration in the Nginx Vhost Traffic Status feature.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/status
Matching conditions
word: Nginx Vhost Traffic Status, Host, Zoneand
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability