mod_perl Apache::Status Info Disclosure

This script is Copyright (C) 2009-2012 Tenable Network Security, Inc.


Synopsis :

The remote web server discloses information about its status.

Description :

It is possible to obtain an overview of the Perl interpreter embedded
in the remote Apache server. This overview includes information such
as loaded modules, Perl configuration, and settings of environment
variables.

Solution :

Ensure that access to Apache::Status / Apache2::Status is limited to
valid users / hosts or, if it's not needed, update Apache's
configuration file to disable use of this handler.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: Web Servers

Nessus Plugin ID: 36100 ()

Bugtraq ID:

CVE ID: