Apache Default Index Page

medium Nessus Plugin ID 106230

Synopsis

The remote web server uses the default Apache index page

Description

The remote web server uses the default Apache index page. This page may contain some sensitive data like the server root and installation paths.

Solution

Remove the default index page.

See Also

https://www.owasp.org/index.php/SCG_WS_Apache

Plugin Details

Severity: Medium

ID: 106230

File Name: apache_default_files.nasl

Version: 1.6

Type: remote

Family: Web Servers

Published: 1/22/2018

Updated: 9/3/2024

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Score from an in depth analysis done by tenable

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: manual

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

CPE: cpe:/a:apache:http_server

Required KB Items: installed_sw/Apache, Settings/ParanoidReport