Apache stronghold-info enabled - Vulnerability Database

Description

The /stronghold-info endpoint in Apache Stronghold web servers exposes detailed configuration information about the Apache installation, including server settings, loaded modules, and environment variables. This diagnostic endpoint is intended for administrative purposes but is often left accessible to unauthorized users. When publicly accessible, it provides attackers with valuable reconnaissance data that can be used to identify potential attack vectors and plan targeted exploits.

Remediation

Disable the /stronghold-info endpoint if it is not actively required for administrative purposes. This can be accomplished by modifying the Apache configuration file (typically httpd.conf or stronghold.conf):

1. Locate the configuration section that enables the /stronghold-info handler
2. Comment out or remove the following directives:

<Location /stronghold-info>
    SetHandler stronghold-info
</Location>

3. If the endpoint must remain enabled for legitimate administrative use, restrict access using IP-based access controls:

<Location /stronghold-info>
    SetHandler stronghold-info
    Require ip 192.168.1.0/24
    Require ip 10.0.0.5
</Location>

4. Restart the Apache service to apply changes
5. Verify the endpoint is no longer publicly accessible by attempting to access it from an unauthorized network location
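
A configuration audit to run alongside the steps above, as an added example that is not part of the original advisory or of any vendor tooling: it scans Apache configuration text for active Location sections that set the stronghold-info handler and reports whether each carries a Require ip restriction. The function name audit_stronghold_info and the three sample configurations are constructed for illustration.

```python
import re

# Constructed sample configs mirroring the snippets above (not from a real server).
OPEN_CONF = """
<Location /stronghold-info>
    SetHandler stronghold-info
</Location>
"""
RESTRICTED_CONF = """
<Location /stronghold-info>
    SetHandler stronghold-info
    Require ip 192.168.1.0/24
    Require ip 10.0.0.5
</Location>
"""
DISABLED_CONF = """
#<Location /stronghold-info>
#    SetHandler stronghold-info
#</Location>
"""

def audit_stronghold_info(conf_text):
    """Return one finding per active section that sets the stronghold-info handler:
    (location path, 'restricted' or 'unrestricted', list of Require ip arguments)."""
    findings = []
    path, has_handler, allowed = None, False, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # commented-out directives are inactive
            continue
        m = re.match(r'<Location\s+"?([^\s">]+)"?\s*>$', line, re.I)
        if m:
            path, has_handler, allowed = m.group(1), False, []
        elif re.match(r"</Location\s*>$", line, re.I):
            if path is not None and has_handler:
                state = "restricted" if allowed else "unrestricted"
                findings.append((path, state, allowed))
            path = None
        elif path is not None:
            if re.match(r"SetHandler\s+stronghold-info\s*$", line, re.I):
                has_handler = True
            # Only the "Require ip" form shown above is recognised as a restriction.
            m = re.match(r"Require\s+ip\s+(.+)$", line, re.I)
            if m:
                allowed.extend(m.group(1).split())
    return findings
```

The audit reads only the text it is given and does not follow Include directives, so run it over every file the server loads, and still confirm the result with the external access check in step 5.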
