Apache HTTP Server server-info request has been detected (HTTP_Apache_ServerInfo)

About this signature or vulnerability

RealSecure Server Sensor, IBM Security Host Protection for Servers (Windows), IBM Security Host Protection for Servers (Unix), IBM Security Network Protection, Proventia-G 1.1 and earlier, Proventia Network IPS, Proventia Network MFS, Proventia Network IDS, IBM Security Host Protection for Desktops, Proventia Server IPS for Linux technology, Virtual Server Protection for VMware:

This signature looks for an HTTP request with the Apache server-info handler specified.


Default risk level

Medium

Sensors that have this signature

RealSecure Server Sensor: XPU 22.34, IBM Security Host Protection for Servers (Windows): 1.0.914.0, IBM Security Host Protection for Servers (Windows): 2.1.14.2400, IBM Security Host Protection for Servers (Unix): 2.2.2, IBM Security Network Protection: 5.1, Proventia-G 1.1 and earlier: XPU 22.34, Proventia Network IPS: 2.0, Proventia Network MFS: XPU 1.33, Proventia Network IDS: XPU 22.34, IBM Security Host Protection for Desktops: 8.0.614.1, Proventia Server IPS for Linux technology: 1.0, Virtual Server Protection for VMware: 1.0

Systems affected

Apache HTTP Server, Various vendors: Any operating system

Type

Suspicious Activity

Vulnerability description

server-info is a built-in Apache HTTP Server handler used to retrieve the server's configuration information. A remote attacker could send a specially crafted URL to a vulnerable server to obtain sensitive information. A server-info request sent to Apache HTTP Server has been detected.

How to remove this vulnerability

This event is for informational purposes only.
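
When this event fires, it helps to know where the handler is mapped and who can reach it. The following is an added example, not part of the original signature entry: it scans Apache configuration text for containers that map the server-info handler and reports whether each carries its own restricting `Require` directive. The function name `audit_server_info`, the sample paths and the sample configuration are constructed for illustration; Apache 2.4 `Require` syntax is assumed and inherited access rules are not modelled.

```python
import re

# Constructed sample configuration for this example (not from the page).
SAMPLE_CONF = """
<Location "/server-info">
    SetHandler server-info
</Location>
<Location /ops/info>
    SetHandler server-info
    Require ip 127.0.0.1
</Location>
<Location /open-info>
    SetHandler server-info
    Require all granted
</Location>
<Location /server-status>
    SetHandler server-status
</Location>
"""

OPEN = re.compile(r'<(Location|LocationMatch|Directory|Files)\s+"?([^">]+?)"?\s*>', re.I)
CLOSE = re.compile(r'</(Location|LocationMatch|Directory|Files)\s*>', re.I)
HANDLER = re.compile(r'(Set|Add)Handler\s+"?server-info\b', re.I)
REQUIRE = re.compile(r'Require\s+(.+)', re.I)


def audit_server_info(conf_text):
    # Returns [(path, restricted, require_rules)] for each container mapping
    # server-info. Inherited access rules are not modelled (assumption).
    findings, stack = [], []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # Apache comments are whole lines
            continue
        m = OPEN.fullmatch(line)
        if m:
            stack.append({"path": m.group(2), "handler": False, "rules": []})
        elif CLOSE.fullmatch(line) and stack:
            block = stack.pop()
            rules = block["rules"]
            # Restricted only if a Require exists and none grants everyone.
            restricted = bool(rules) and "all granted" not in [r.lower() for r in rules]
            if block["handler"]:
                findings.append((block["path"], restricted, rules))
        elif stack:
            if HANDLER.match(line):
                stack[-1]["handler"] = True
            if (r := REQUIRE.match(line)):
                stack[-1]["rules"].append(r.group(1).strip())
    return findings
```

A container reported with `restricted` set to `False` either has no `Require` of its own or grants everyone, so its effective access depends on the enclosing configuration and should be reviewed.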

References

Stanford WebAuth v3 Web site
Apache's Handler Use - Apache HTTP Server
http://webauthv3.stanford.edu/manual/handler.html

ISS X-Force
Apache HTTP Server server-info request has been detected
http://www.iss.net/security_center/static/16890.php