Download Netsparker
Pricing
Blog
Contact
Netsparker

Apache Web Server Server-Info Enabled

Netsparker detected that Apache server-info is enabled.

Information disclosed from this page can be used to gain further information about the target system.

Impact

An attacker can gather useful information about the internals of the target web server, including:
  • Current server configuration
  • Server version
  • Server build time
  • Server root
  • Server httpd.conf configuration file path
  • Server build parameters
  • Apache modules and module directives
This type of information can help an attacker harvest information on the target in order to further develop the attack surface.

Remedy

We recommend disabling this functionality. Comment out the Location/server-info section from Apache configuration file httpd.conf.

External References


Go back to the Complete list of Vulnerability Checks.