Stronghold Secure Web Server Information Disclosure Vulnerability

Red Hat Stronghold Secure Web Server is a web server based on the Apache source and designed to be robust and secure.

The default installation of Stronghold supports URLs designed to help administer the system by displaying server information, including the httpd.conf file. A malicious user viewing this information may be able to use it to stage further attacks on the server. The relevant URLs are:

http://target/stronghold-info
http://target/stronghold-status

These URLs are not enabled in the default installation.
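
An added example, not part of the original advisory or of Stronghold itself: a small Python audit that reads an httpd.conf and reports whether the two paths above are defined and whether any host can reach them. It assumes the endpoints are configured as Apache 1.3-style <Location> blocks governed by mod_access Order/Allow/Deny directives; the sample configuration and its SetHandler lines are constructed.

```python
import re

SENSITIVE_PATHS = ("/stronghold-info", "/stronghold-status")  # from the advisory
LOCATION_RE = re.compile(
    r'^[ \t]*<Location\s+"?([^\s">]+)"?\s*>(.*?)^[ \t]*</Location>',
    re.IGNORECASE | re.DOTALL | re.MULTILINE)

def world_readable(body):
    """Apply Apache 1.3 mod_access rules: can an arbitrary host connect?"""
    order, allow, deny = "deny,allow", set(), set()  # deny,allow is the default
    for line in body.splitlines():
        words = line.split()
        if len(words) >= 2 and words[0].lower() == "order":
            order = words[1].lower()
        elif len(words) >= 3 and words[1].lower() == "from":
            hosts = {w.lower() for w in words[2:]}
            if words[0].lower() == "allow":
                allow |= hosts
            elif words[0].lower() == "deny":
                deny |= hosts
    if order == "deny,allow":  # open unless denied and not re-allowed
        return "all" not in deny or "all" in allow
    return "all" in allow and "all" not in deny  # allow,deny / mutual-failure

def audit(conf_text):
    """Map each sensitive path to 'absent', 'restricted' or 'exposed'."""
    active = "\n".join(l for l in conf_text.splitlines()
                       if not l.lstrip().startswith("#"))  # drop comment lines
    status = {p: "absent" for p in SENSITIVE_PATHS}
    for path, body in LOCATION_RE.findall(active):
        path = path.rstrip("/")
        if path in status:
            status[path] = "exposed" if world_readable(body) else "restricted"
    return status

# Constructed sample; the <Location> layout and SetHandler lines are assumptions.
SAMPLE_CONF = """
<Location /stronghold-status>
    SetHandler server-status
</Location>
<Location /stronghold-info>
    SetHandler server-info
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Location>
"""

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

Only a literal "all" is treated as world access, and rules inherited from enclosing containers are not evaluated, so a "restricted" result still warrants a look at the Allow list.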


 

Copyright 2010, SecurityFocus