mod_perl Apache::Status Info Disclosure

medium Nessus Plugin ID 36100

Language:

Synopsis

The remote web server discloses information about its status.

Description

It is possible to obtain an overview of the Perl interpreter embedded in the remote Apache server. This overview includes information such as loaded modules, Perl configuration, and settings of environment variables.

Solution

Ensure that access to Apache::Status / Apache2::Status is limited to valid users / hosts or, if it's not needed, update Apache's configuration file to disable use of this handler.

Plugin Details

Severity: Medium

ID: 36100

File Name: mod_perl_status.nasl

Version: 1.9

Type: remote

Family: Web Servers

Published: 4/7/2009

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: www/apache

Excluded KB Items: Settings/disable_cgi_scanning

Exploited by Nessus: true

Detections

Analytics