mod_perl Apache::Status Info Disclosure

Medium Nessus Plugin ID 36100


The remote web server discloses information about its status.


It is possible to obtain an overview of the Perl interpreter embedded in the remote Apache server. This overview includes information such as loaded modules, Perl configuration, and settings of environment variables.


Ensure that access to Apache::Status / Apache2::Status is limited to valid users / hosts or, if it's not needed, update Apache's configuration file to disable use of this handler.

Plugin Details

Severity: Medium

ID: 36100

File Name: mod_perl_status.nasl

Version: $Revision: 1.8 $

Type: remote

Family: Web Servers

Published: 2009/04/07

Modified: 2015/09/24

Dependencies: 10107

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: www/apache

Excluded KB Items: Settings/disable_cgi_scanning

Exploited by Nessus: true