Researchers found Apache Server-Status Enabled Security Vulnerability in Popular sites
Oct 31, 2012
Researchers found Apache Server-Status Enabled on some popular site like php.net , cisco, nba.com, Cloudflare, Metacafe, Ford, yellow.com, and others. For backgorund, there is a Module mod_status in Apache server which allows a server administrator to find out how well their server is performing. A HTML page is presented that gives the current server statistics in an easily readable form. Basically, mod_status provides information on your apache server activity and performance. The main security risk of using this module is only Information disclosure which includes infomation such as Server uptime, Individual request-response statistics and CPU usage of the working processes, Current HTTP requests, client IP addresses, requested paths, processed virtual hosts. , that could give a potential attacker information about how to attack the web server. Few popular brands showing their status online, discovered by Daniel Cid from Sucuri : https://php.net/server-statu