Summary #

Invicti detected that Apache server-info is enabled.

Information disclosed from this page can be used to gain further information about the target system.

Impact #
An attacker can gather useful information about the internals of the target web server, including:
  • Current server configuration
  • Server version
  • Server build time
  • Server root
  • Server httpd.conf configuration file path
  • Server build parameters
  • Apache modules and module directives
This type of information can help an attacker harvest information on the target in order to further develop the attack surface.
Classifications #
CAPEC-347; CWE-16; ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 , CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Dead accurate, fast & easy-to-use Web Application Security Scanner

Get a demo