Vulnerability Disclosure

  • Harinder Singh
    Answered on June 14, 2021 01:21 PM

    Description

    It is possible to obtain an overview of the remote Apache web server's activity and performance by requesting the URL '/server-status'. This overview includes information such as current hosts and requests being processed, the number of workers idle and servicing requests, and CPU utilization.

    Steps to Reproduce

    1) Navigate to the /nginx_status URL on the affected jotform.com subdomains and press Enter

    2) It can be observed that the server logs can be seen clearly

    Impact

    An attacker can gather information about the internals of the target web server, such as:

    • Server uptime

    • Individual request-response statistics and CPU usage of the working processes

    • Current HTTP requests, client IP addresses, requested paths and processed virtual hosts

    This type of information can help the attacker gain a greater understanding of the system in use and the other potential avenues of attack available.
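Added here as an illustration of the fix, not part of the report above or of Jotform's own configuration: an nginx `stub_status` location as it is commonly exposed, beside a hardened version that binds the status page to loopback, denies all other sources and returns 404 on the public path. Hostnames and ports are placeholders; load only one of the two variants.

```nginx
# Added example, not taken from the report. example.internal and port 8080
# are placeholders.

# --- Weak: /nginx_status is served on the public vhost to any client. ---
server {
    listen 80;
    server_name example.internal;

    location /nginx_status {
        stub_status;
    }
}

# --- Hardened: status page only on a loopback listener, filtered by
#     source address, not logged; the public path answers 404. ---
server {
    listen 127.0.0.1:8080;      # not reachable from outside the host
    server_name _;

    location = /nginx_status {
        stub_status;
        access_log off;         # keep monitoring polls out of access logs
        allow 127.0.0.1;
        allow ::1;
        deny all;               # everything else gets 403
    }
}

server {
    listen 80;
    server_name example.internal;

    location = /nginx_status {
        return 404;             # probes against the old path learn nothing
    }
}
```

Verify with `nginx -t`, then confirm from a remote host that the public path returns 404 while `curl http://127.0.0.1:8080/nginx_status` on the server itself still returns the status block.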

  • VincentJay
    Answered on June 14, 2021 05:27 PM

    Hello,

    Please use the following form to report any issues or vulnerabilities that you've found to us: https://www.jotform.com/62984139400962

    Thank you.