Apache HTTP Server server-info request has been detected (HTTP_Apache_ServerInfo)

About this signature or vulnerability

Proventia Network IPS, RealSecure Server Sensor, IBM Security Host Protection for Servers (Windows), IBM Security Host Protection for Servers (Unix), Proventia Network IDS, Proventia-G 1.1 and earlier, Proventia Network MFS, IBM Security Host Protection for Desktops, Proventia Server IPS for Linux technology, Virtual Server Protection for VMware:

This signature looks for an HTTP request with the Apache server-info handler specified.


Default risk level

Medium

Sensors that have this signature

Proventia Network IPS: 2.0, RealSecure Server Sensor: XPU 22.34, IBM Security Host Protection for Servers (Windows): 1.0.914.0, IBM Security Host Protection for Servers (Windows): 2.1.14.2400, IBM Security Host Protection for Servers (Unix): 2.2.2, Proventia Network IDS: XPU 22.34, Proventia-G 1.1 and earlier: XPU 22.34, Proventia Network MFS: XPU 1.33, IBM Security Host Protection for Desktops: 8.0.614.1, Proventia Server IPS for Linux technology: 1.0, Virtual Server Protection for VMware: 1.0

Systems affected

Apache HTTP Server, Various vendors Any operating system

Type

Suspicious Activity

Vulnerability description

server-info is a built-in Apache HTTP Server handler used to retrieve the server's configuration information. A remote attacker could send a specially-crafted URL to a vulnerable server to obtain sensitive information. A server-info request sent to Apache HTTP Server has been detected.
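As an added example (not part of the original signature entry), the Python below applies the same check to web server access logs and records whether each server-info request was actually answered. It assumes Common/Combined Log Format and that the handler is mapped at `/server-info`; the function names and the sample log lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Assumption: the handler is mapped at its conventional location. Add every
# <Location> that your configuration binds to "SetHandler server-info".
HANDLER_PATHS = ("/server-info",)

# Common/Combined Log Format: host ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

def normalize_path(target):
    """Drop the query string, percent-decode, and collapse ./, ../ and //."""
    path = unquote(target.split("?", 1)[0])
    return "/" + posixpath.normpath(path).lstrip("/")

def find_server_info_requests(lines, handler_paths=HANDLER_PATHS):
    """Return one record per logged request that resolves to the handler."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        path = normalize_path(m["target"])
        # A <Location> matches the path itself and anything below it.
        if any(path == p or path.startswith(p + "/") for p in handler_paths):
            status = int(m["status"])
            hits.append({
                "host": m["host"], "time": m["time"],
                "target": m["target"], "status": status,
                # 200 means the configuration dump was actually returned.
                "disclosed": status == 200,
            })
    return hits

# Constructed sample data (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326',
    '198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /server-info HTTP/1.1" 403 199',
    '198.51.100.7 - - [10/Oct/2023:13:56:04 +0000] "GET /%73erver-info?config HTTP/1.1" 200 48213',
    '203.0.113.5 - - [10/Oct/2023:14:02:17 +0000] "GET //server-info/ HTTP/1.1" 404 196',
    '192.0.2.10 - - [10/Oct/2023:14:03:00 +0000] "GET /server-information.html HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for hit in find_server_info_requests(SAMPLE_LOG):
        print(hit)
```

Records with `disclosed` set to true are the ones to triage first, since the requester received the server's configuration; 403 and 404 responses indicate the handler is restricted or not enabled.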

How to remove this vulnerability

This event is for informational purposes only.

References

Stanford WebAuth v3 Web site
Apache's Handler Use - Apache HTTP Server
http://webauthv3.stanford.edu/manual/handler.html

ISS X-Force
Apache HTTP Server server-info request has been detected
http://www.iss.net/security_center/static/16890.php