Apache HTTP Server server-info request has been detected (HTTP_Apache_ServerInfo)

About this signature or vulnerability

IBM Security Network Protection, Proventia Network IPS, Virtual Server Protection for Vmware, IBM Security Host Protection for Servers (Windows), RealSecure Server Sensor, Proventia Server IPS for Linux technology, BlackICE Agent for Server, IBM Security Host Protection for Desktops, Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Network IDS, IBM Security Host Protection for Servers (Unix):

This signature looks for an HTTP request with the Apache server-info handler specified.


Default risk level

Medium risk vulnerability  Medium

Sensors that have this signature

IBM Security Network Protection: 5.1, Proventia Network IPS: 2.0, Virtual Server Protection for Vmware: 1.0, IBM Security Host Protection for Servers (Windows): 1.0.914.0, RealSecure Server Sensor: XPU 22.34, Proventia Server IPS for Linux technology: 1.0, BlackICE Agent for Server: 3.6eof, IBM Security Host Protection for Desktops: 8.0.614.1, Proventia Network MFS: XPU 1.33, Proventia-G 1.1 and earlier: XPU 22.34, Proventia Network IDS: XPU 22.34, IBM Security Host Protection for Servers (Unix): 2.2.2, IBM Security Host Protection for Servers (Windows): 2.1.14.2400

Systems affected

Apache HTTP Server, Various vendors Any operating system

Type

Suspicious Activity

Vulnerability description

server-info is a built-in Apache HTTP Server handler used to retrieve the server's configuration information. A remote attacker could send a specially-crafted URL to a vulnerable server to obtain sensitive information. A server-info request sent to Apache HTTP Server has been detected.

How to remove this vulnerability

This event is for informational purposes only.

References

Stanford WebAuth v3 Web site
Apache's Handler Use - Apache HTTP Server
http://webauthv3.stanford.edu/manual/handler.html

ISS X-Force
Apache HTTP Server server-info request has been detected
http://www.iss.net/security_center/static/16890.php