By kannthu
The "Server Status Disclosure" module detects a misconfigured Apache server, specifically an exposed server status page. It targets Apache servers and checks the response for the words "Apache Server Status" and "Server Version". It is a low-severity module that helps identify potential information disclosure vulnerabilities.
If the server status page is misconfigured and accessible to unauthorized users, it can reveal sensitive information about the server, such as server version, active connections, and recent requests. This information can be exploited by attackers to gain insights into the server's configuration and potentially launch further attacks.
The module sends a GET request to the "/server-status" path of the target Apache server. It includes various headers in the request, such as "X-Host," "Forwarded," and "X-True-IP." The module then checks the response for the presence of the "Apache Server Status" and "Server Version" words using a word matching condition. If both words are found, the module considers the server status page to be disclosed.
Example HTTP request:
GET /server-status HTTP/1.1
Host: [target server IP]
X-Host: 127.0.0.1
Forwarded: 127.0.0.1
X-True-IP: 127.0.0.1
X-Client-IP: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Forwarded-By: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Forwarded-Host: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-Forwarded-For-IP: 127.0.0.1
The module's matching condition requires both "Apache Server Status" and "Server Version" to be present in the response for a positive match. This ensures that the server status page is reported as disclosed only when both words appear.
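A defender-side check for the exposure this module reports, as an added example that is not part of the original page or of Vidoc: it scans Apache access-log lines for /server-status requests answered with 200 to clients outside an allowlist. The function name, the allowlist default and the sample log lines are constructed for illustration, and the check assumes the logged client address is the real peer (no reverse proxy in front).

```python
import ipaddress
import re

# Prefix of Apache common/combined log lines: client, ident, user, [time], "request", status
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation address ranges), not taken from the page
SAMPLE_LOG = [
    '127.0.0.1 - - [10/Oct/2023:13:55:36 +0000] "GET /server-status?auto HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Oct/2023:13:56:01 +0000] "GET /server-status HTTP/1.1" 200 8431',
    '198.51.100.23 - - [10/Oct/2023:13:56:09 +0000] "GET /server-status HTTP/1.1" 403 199',
    '203.0.113.7 - - [10/Oct/2023:13:57:12 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

def external_status_hits(lines, allowed=("127.0.0.0/8", "::1/128")):
    """Return (client, target) for every 200 response on /server-status
    that was served to a client outside the allowed networks."""
    nets = [ipaddress.ip_network(n) for n in allowed]
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["status"] != "200":
            continue  # unparsable line, or access was refused or redirected
        path = m["target"].split("?", 1)[0].rstrip("/")
        if path != "/server-status":
            continue
        try:
            client = ipaddress.ip_address(m["client"])
        except ValueError:
            # A hostname was logged (HostnameLookups On); it cannot be shown to be local
            hits.append((m["client"], m["target"]))
            continue
        if not any(client in net for net in nets):
            hits.append((m["client"], m["target"]))
    return hits

if __name__ == "__main__":
    for client, target in external_status_hits(SAMPLE_LOG):
        print(f"status page served to {client}: {target}")
```

Any hit means the status handler answered a non-local client; restricting the handler to local or management addresses in the Apache configuration removes the finding.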