Apache perl-status Enabled

  • CWE 425
  • WASC 34

The Apache2::Status module provides information about the status of the Perl interpreter embedded in the server. This status page can leak sensitive information that could help an attacker perform more complicated attacks. Please disable /perl-status or restrict it to only a set of IP addresses that really need to use it.

Remediation

Disable this functionality if not required.