Apache information is publicly accessible


I found that if you go to your ipaddress/server-status, it will show you private information such as connections, IPs, uptime, OS version, apache version.

This is the vulnerability https://nvd.nist.gov/vuln/detail/CVE-2014-0226

Even though the apache version running is greater than the one in the article, the feature mod_status is enabled. The solution is to either disable mod_status or ensure that access is limited to valid users / hosts. However, there is no way to modify the httpd.conf since it's a closed box. I am dealing with support, but they are not giving me a solution yet.

All of you guys have the same issue? Do you have a workaround?

3 Comments   [ + ] Show comments
  • I'd be interested in hearing the results from support. - ondrar 3 years ago
  • What version are you running? I just tried it on a 10.0 test box and could get to /server-status, but could not get to it on production 9.1 boxes. - ondrar 3 years ago
  • This issue is currently under investigation. We will update this post once this has been completed. - KevinG 3 years ago

Answers (1)

Posted by: KevinG 3 years ago
Red Belt

We now have a fix that can be applied. Can you post your Support Ticket number for me.

  • What was the fix? We are showing the same Vulnerability after updating to Ver.10. - abeckloff 3 years ago
    • Contact support and they can tether in and apply the fix. It will drop all connections at the time, but the whole process takes like 10 seconds. - ondrar 3 years ago

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login


This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ