Systems Management Question
Apache information is publicly accessible
I found that if you go to your ipaddress/server-status, it will show you private information such as connections, IPs, uptime, OS version, and Apache version.
This is the vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2014-0226
Even though the Apache version running is greater than the one in the article, the feature mod_status is enabled. The solution is to either disable mod_status or ensure that access is limited to valid users / hosts. However, there is no way to modify the httpd.conf since it's a closed box. I am dealing with support, but they are not giving me a solution yet.
Do all of you guys have the same issue? Do you have a workaround?
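
For reference, the two fixes named in the post look like this in an httpd configuration. This is an added example, not part of the original post or the vendor's configuration; it assumes Apache 2.4 access-control syntax, and the 192.0.2.0/24 admin network and the module path are placeholders.

```apache
# Exposed form (shown commented out): the status handler is mapped with no
# access restriction, so any client can read /server-status.
#<Location "/server-status">
#    SetHandler server-status
#</Location>

# Fix 1: keep mod_status but limit access to valid hosts.
# Multiple Require lines are OR-ed: the request is allowed if it comes from
# the server itself or from the admin network (placeholder range).
<Location "/server-status">
    SetHandler server-status
    Require local
    Require ip 192.0.2.0/24
</Location>

# With extended status off, the page no longer lists per-request details
# such as client addresses and request lines.
ExtendedStatus Off

# Fix 2: disable mod_status entirely by not loading the module
# (and removing the <Location> block above, which would otherwise
# reference a handler that no longer exists).
#LoadModule status_module modules/mod_status.so
```

Where httpd.conf cannot be edited, the same restriction can be enforced in front of the device, for example by a firewall or reverse proxy that blocks requests for /server-status from outside the management network.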