Apache HTTP Server server-info request has been detected (HTTP_Apache_ServerInfo)

About this signature or vulnerability

IBM Security Host Protection for Servers (Windows), Proventia Network MFS, RealSecure Server Sensor, Proventia-G 1.1 and earlier, Proventia Network IDS, IBM Security Host Protection for Desktops, Proventia Network IPS, Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware, IBM Security Network Protection, IBM Security Host Protection for Servers (Unix):

This signature looks for an HTTP request with the Apache server-info handler specified.


Default risk level

Medium risk vulnerability  Medium

Sensors that have this signature

IBM Security Host Protection for Servers (Windows): 2.1.14.2400, Proventia Network MFS: XPU 1.33, RealSecure Server Sensor: XPU 22.34, IBM Security Host Protection for Servers (Windows): 1.0.914.0, Proventia-G 1.1 and earlier: XPU 22.34, Proventia Network IDS: XPU 22.34, IBM Security Host Protection for Desktops: 8.0.614.1, Proventia Network IPS: 2.0, Proventia Server IPS for Linux technology: 1.0, Virtual Server Protection for Vmware: 1.0, IBM Security Network Protection: 5.1, IBM Security Host Protection for Servers (Unix): 2.2.2

Systems affected

Various vendors Any operating system, Apache HTTP Server

Type

Suspicious Activity

Vulnerability description

server-info is a built-in Apache HTTP Server handler used to retrieve the server's configuration information. A remote attacker could send a specially-crafted URL to a vulnerable server to obtain sensitive information. A server-info request sent to Apache HTTP Server has been detected.

How to remove this vulnerability

This event is for informational purposes only.

References

Stanford WebAuth v3 Web site
Apache's Handler Use - Apache HTTP Server
http://webauthv3.stanford.edu/manual/handler.html

ISS X-Force
Apache HTTP Server server-info request has been detected
http://www.iss.net/security_center/static/16890.php