Apache mod_perl Status Page Exposure

Nash N Sulthan
Published on
20 Dec 2021


Information disclosed from this page can be used to gain additional information about the target system. An attacker can gather reconnaissance information about the internals of the target web server, such as:

  • Server uptime

  • Individual request-response statistics and CPU usage of the working processes

  • Current HTTP requests, client IP addresses, requested paths, and processed virtual hosts

This type of information can help the attacker gain a greater understanding of the system in use and the other potential avenues of attack available.

Mitigation measures

Disable this functionality. Comment out the Location/server-info section from Apache configuration file httpd.conf (for Redhat, Centos, Fedora) or apache2.conf (for Debian, Ubuntu).

Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Nash N Sulthan
Nash N Sulthan
Cyber Security Lead Engineer
Find website security issues in a flash
Improve your website's security posture with proactive vulnerability detection.
Free website security assessment