Apache Web Server Server-Info Enabled
Netsparker detected that
Apache server-info is enabled.
Information disclosed from this page can be used to gain further information about the target system.
An attacker can gather useful information about the internals of the target web server, including:
- Current server configuration
- Server version
- Server build time
- Server root
- Server httpd.conf configuration file path
- Server build parameters
- Apache modules and module directives
This type of information can help an attacker harvest information on the target in order to further develop the attack surface.
We recommend disabling this functionality. Comment out the
Location/server-info section from Apache configuration file httpd.conf.