Vulnerability Disclosure

  • Harinder Singh
    Answered on June 14, 2021 01:21 PM


    It is possible to obtain an overview of the remote Apache web server's activity and performance by requesting the URL '/server status. This overview includes information such as current hosts and requests being processed, the number of workers idle and service requests, and CPU utilization.

    Steps to Reproduce

    1) Navigate to URL

    and click on enter

    2) It can be observed the server logs can be seen clearly



    An attacker can gather information about the internals of the target web server, such as:

    • Server uptime

    • Individual request-response statistics and CPU usage of the working processes

    • Current HTTP requests, client IP addresses, requested paths and processed virtual hosts

    This type of information can help the attacker gain a greater understanding of the system in use and the other potential avenues of attack available.

  • VincentJay
    Answered on June 14, 2021 05:27 PM


    Please use the following form to report us any issues/vulnerability that you've found:

    Thank you.