LeakIX - Host test.main.de.wolf.eu

Domain test.main.de.wolf.eu

Germany

Telekom Deutschland GmbH

Debian

Apache server-status page is publicly available

The server-status page (usually /server-status) allows server administrators to find out how well their server is performing.

This is a HTML page that gives the current server statistics such as the server version, up time,cpu, ram, and information about requests made to the server.

This information can be very useful if the application is sent sensitive information as GET requests. If you monitor this page you might be able to find CSRF tokens, API keys, hidden paths, and other sensitive information being sent to the server.

https://medium.com/@ghostlulzhacks/apache-server-status-a70abed83f5a

IP: 93.122.70.102
Domain: test.main.de.wolf.eu
Port: 443
URL: https://test.main.de.wolf.eu

First seen 2022-08-10 22:43
Last seen 2022-12-10 06:11
Open for 121 days

Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb31f02b60c9f02b60c948abc965

Apache Status

Apache Server Status for test.main.de.wolf.eu (via 172.21.0.4)

Server Version: Apache/2.4.54 (Debian) PHP/7.4.30 OpenSSL/1.1.1n
Server MPM: prefork
Server Built: 2022-06-09T04:26:43

Current Time: Saturday, 10-Dec-2022 06:11:57 UTC
Restart Time: Friday, 09-Dec-2022 12:12:21 UTC
Parent Server Config. Generation: 2
Parent Server MPM Generation: 1
Server uptime:  17 hours 59 minutes 35 seconds
Server load: 0.17 0.15 0.11
Total accesses: 1051 - Total Traffic: 24.3 MB - Total Duration: 1050040
CPU Usage: u115.26 s47.02 cu50.97 cs20.52 - .361% CPU load
.0162 requests/sec - 392 B/second - 23.6 kB/request - 999.087 ms/request
26 requests currently being processed, 0 idle workers
WKWCWCCWWWWCCWCCCCWWWWWWWW......................................
................................................................
......................
Scoreboard Key:
"_" Waiting for Connection, 
"S" Starting up, 
"R" Reading Request,
"W" Sending Reply, 
"K" Keepalive (read), 
"D" DNS Lookup,
"C" Closing connection, 
"L" Logging, 
"G" Gracefully finishing, 
"I" Idle cleanup of worker, 
"." Open slot with no current process



SrvPIDAccMCPU
SSReqDurConnChildSlotClientProtocolVHostRequest

0-116240/85/85W
27.9900752240.03.403.40
10.49.100.254http/1.1test.main.de.wolf.eu:443GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor

1-138112/6/116K
1.6705775089310.70.043.89
10.49.100.254http/1.1test.main-vip.de.wolf.eu:443GET /de-de HTTP/1.1

2-116260/115/115W
23.05001736470.03.373.37
10.49.100.254http/1.1test.main.de.wolf.eu:443GET /info.php HTTP/1.1

3-116271/75/75C
22.5216695572225.61.211.21
10.49.100.254http/1.1test.main-vip.de.wolf.eu:443GET /login.action HTTP/1.1

4-137980/4/58W
1.12002082740.00.051.82
10.49.100.254http/1.1test.main.de.wolf.eu:443GET /.git/config HTTP/1.1

5-116291/122/122C
21.7710505070.91.931.93
10.49.100.254http/1.1test.main.de.wolf.eu:80GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor

6-121761/99/124C
15.27102585500.90.981.65
10.49.100.254http/1.1test.main.de.wolf.eu:80GET /s/230313e20373e2232313e23393/_/;/META-INF/maven/com.atlass

7-138200/3/61W
0.0000343950.00.000.69
10.49.100.254http/1.1test.main.de.wolf.eu:443GET /config.json HTTP/1.1

8-122300/43/47W
11.7500288480.00.440.46
10.49.100.254http/1.1test.main.de.wolf.eu:443GET /s/230313e20373e2232313e23393/_/;/META-INF/maven/com.atlass

9-116340/122/122W
26.7600639810.02.122.12
10.49.100.254http/1.1test.main.de.wolf.eu:443GET /telescope/requests HTTP/1.1

10-123800/20/50W
5.1300274590.00.222.98
10.49.100.254http/1.1test.main.de.wolf.eu:443GET /debug/default/view?panel=config HTTP/1.1

11-137991/5/66C
1.0310198320.70.040.71
10.49.100.254http/1.1test.main.de.wolf.eu:80GET /info.php HTTP/1.1

12-138001/3/3C
1.071027000.70.030.03
10.49.100.254http/1.1test.main.de.wolf.eu:80GET /server-status HTTP/1.1

13-138210/2/2W
0.000000.00.000.00
10.49.100.254http/1.1test.main.de.wolf.eu:443GET /about HTTP/1.1

14-138241/1/1C
0.021000.70.000.00
10.49.100.254http/1.1test.main.de.wolf.eu:80GET /config.json HTTP/1.1

15-138251/1/1C
0.001000.70.000.00
10.49.100.254http/1.1test.main.de.wolf.eu:80GET /.git/config HTTP/1.1

16-138261/2/2C
0.001000.70.000.00
10.49.100.254http/1.1test.main.de.wolf.eu:80GET /login.action HTTP/1.1

17-138271/1/1C
0.001000.70.000.00
10.49.100.254http/1.1test.main.de.wolf.eu:80GET /about HTTP/1.1

18-138350/0/0W
0.000000.00.000.00
10.49.100.254http/1.1test.main.de.wolf.eu:443GET /server-status HTTP/1.1

19-138360/0/0W
0.000000.00.000.00
10.49.100.254http/1.1test.main.de.wolf.eu:443GET /.DS_Store HTTP/1.1

20-138370/0/0W
0.000000.00.000.00
10.49.100.254http/1.1test.main.de.wolf.eu:443PUT /api/v2/cmdb/system/admin/admin HTTP/1.1

21-138380/0/0W
0.000000.00.000.00
10.49.100.254http/1.1test.main.de.wolf.eu:443GET /.env HTTP/1.1

22-138390/0/0W
0.000000.00.000.00
10.49.100.254http/1.1test.main.de.wolf.eu:443GET /v2/_catalog HTTP/1.1

23-138400/0/0W
0.000000.00.000.00
10.49.100.254http/1.1test.main.de.wolf.eu:443GET /?rest_route=/wp/v2/users/ HTTP/1.1

24-138410/0/0W
0.000000.00.000.00
10.49.100.254http/1.1test.main.de.wolf.eu:443GET /api/search?folderIds=0 HTTP/1.1

25-138420/0/0W
0.000000.00.000.00
10.49.100.254http/1.1test.main.de.wolf.eu:443GET /login.action HTTP/1.1


  
 SrvChild Server number - generation
 PIDOS process ID
 AccNumber of accesses this connection / this child / this slot
 MMode of operation
CPUCPU usage, number of seconds
SSSeconds since beginning of most recent request
 ReqMilliseconds required to process most recent request
 DurSum of milliseconds required to process all requests
 ConnKilobytes transferred this connection
 ChildMegabytes transferred this child
 SlotTotal megabytes transferred this slot
 



SSL/TLS Session Cache Status:


cache type: SHMCB, shared memory: 512000 bytes, current entries: 12subcaches: 32, indexes per subcache: 88time left on oldest entries' objects: avg: 237 seconds, (range: 196...298)index usage: 0%, cache usage: 0%total entries stored since starting: 62total entries replaced since starting: 0total entries expired since starting: 50total (pre-expiry) entries scrolled out of the cache: 0total retrieves since starting: 0 hit, 197 misstotal removes since starting: 0 hit, 2 miss


Apache/2.4.54 (Debian) Server at test.main.de.wolf.eu Port 443

Found on 2022-12-10 06:11

Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb31f02b60c9f02b60c9fc7656ac

Apache Status

Apache Server Status for test.main.de.wolf.eu (via 172.21.0.4)

Server Version: Apache/2.4.54 (Debian) PHP/7.4.30 OpenSSL/1.1.1n
Server MPM: prefork
Server Built: 2022-06-09T04:26:43

Current Time: Monday, 10-Oct-2022 12:29:12 UTC
Restart Time: Tuesday, 26-Jul-2022 13:54:48 UTC
Parent Server Config. Generation: 85
Parent Server MPM Generation: 84
Server uptime:  75 days 22 hours 34 minutes 24 seconds
Server load: 0.09 0.28 0.35
Total accesses: 123538 - Total Traffic: 3.8 GB - Total Duration: 148904373
CPU Usage: u153.69 s367.41 cu189182 cs48014.2 - 3.62% CPU load
.0188 requests/sec - 618 B/second - 32.1 kB/request - 1205.33 ms/request
13 requests currently being processed, 0 idle workers
RRWRKRRRRRRR.K..................................................
................................................................
......................
Scoreboard Key:
"_" Waiting for Connection, 
"S" Starting up, 
"R" Reading Request,
"W" Sending Reply, 
"K" Keepalive (read), 
"D" DNS Lookup,
"C" Closing connection, 
"L" Logging, 
"G" Gracefully finishing, 
"I" Idle cleanup of worker, 
"." Open slot with no current process



SrvPIDAccMCPU
SSReqDurConnChildSlotClientProtocolVHostRequest

0-8439860/13/11019R
12.5110104064620.00.02276.57
10.49.100.254http/1.1

1-8439830/20/10832R
3.000077223350.00.13128.31
10.49.100.254http/1.1

2-8439880/19/10157W
13.3400116841520.00.07511.11
10.49.100.254http/1.1test.main.de.wolf.eu:443GET /server-status HTTP/1.1

3-8439850/21/10367R
3.4800182974510.00.06444.18
10.49.100.254http/1.1

4-8440461/11/10151K
1.541089667970.30.02542.46
10.49.100.254http/1.1wwmaint01.wolf.eu:80GET / HTTP/1.1

5-8440690/4/10030R
0.841094047030.00.01292.72
10.49.100.254http/1.1

6-8440700/4/9685R
0.4110159812250.00.01357.88
10.49.100.254http/1.1

7-8441130/2/8912R
0.0010143208150.00.00293.44
10.49.100.254http/1.1

8-8441150/0/10102R
0.001091122710.00.00186.56
10.49.100.254http/1.1

9-8440710/3/8606R
0.8210113221930.00.01312.52
10.49.100.254http/1.1

10-84259320/142/8865R
33.3300101925740.01.15159.57
10.49.100.254http/1.1

11-8441160/1/5170R
0.23138760812220.00.01160.82
10.49.100.254http/1.1

12-84-0/0/3821.
0.006333055478660.00.0040.48
127.0.0.1http/1.1wwmaint01.wolf.eu:80OPTIONS * HTTP/1.0

13-8436811/50/2829K
8.002050377040.30.19130.83
10.49.100.254http/1.1test.main.de.wolf.eu:80HEAD / HTTP/1.1

14-84-0/0/766.
0.00126904146720.00.006.57
127.0.0.1http/1.1wwmaint01.wolf.eu:80OPTIONS * HTTP/1.0

15-84-0/0/705.
0.002503024026480.00.008.27
127.0.0.1http/1.1wwmaint01.wolf.eu:80OPTIONS * HTTP/1.0

16-84-0/0/588.
0.0083303775500.00.007.95
127.0.0.1http/1.1wwmaint01.wolf.eu:80OPTIONS * HTTP/1.0

17-80-0/0/349.
0.0043690401210940.00.002.10
127.0.0.1http/1.1wwmaint01.wolf.eu:80OPTIONS * HTTP/1.0

18-80-0/0/99.
0.004369030700680.00.001.30
127.0.0.1http/1.1wwmaint01.wolf.eu:80OPTIONS * HTTP/1.0

19-80-0/0/5.
0.00436902010.00.000.00
127.0.0.1http/1.1wwmaint01.wolf.eu:80OPTIONS * HTTP/1.0

20-80-0/0/6.
0.004369010383330.00.000.03
127.0.0.1http/1.1wwmaint01.wolf.eu:80OPTIONS * HTTP/1.0

21-80-0/0/7.
0.00436807025070.00.000.11
127.0.0.1http/1.1wwmaint01.wolf.eu:80OPTIONS * HTTP/1.0

22-82-0/0/353.
0.00278000013495300.00.005.42
127.0.0.1http/1.1wwmaint01.wolf.eu:80OPTIONS * HTTP/1.0

23-80-0/0/3.
0.00436873060.00.000.00
127.0.0.1http/1.1wwmaint01.wolf.eu:80OPTIONS * HTTP/1.0

24-80-0/0/11.
0.00436808093620.00.000.19
127.0.0.1http/1.1wwmaint01.wolf.eu:80OPTIONS * HTTP/1.0

25-80-0/0/100.
0.004330990408180.00.000.40
127.0.0.1http/1.1wwmaint01.wolf.eu:80OPTIONS * HTTP/1.0


  
 SrvChild Server number - generation
 PIDOS process ID
 AccNumber of accesses this connection / this child / this slot
 MMode of operation
CPUCPU usage, number of seconds
SSSeconds since beginning of most recent request
 ReqMilliseconds required to process most recent request
 DurSum of milliseconds required to process all requests
 ConnKilobytes transferred this connection
 ChildMegabytes transferred this child
 SlotTotal megabytes transferred this slot
 



SSL/TLS Session Cache Status:


cache type: SHMCB, shared memory: 512000 bytes, current entries: 3subcaches: 32, indexes per subcache: 88time left on oldest entries' objects: avg: 297 seconds, (range: 296...299)index usage: 0%, cache usage: 0%total entries stored since starting: 172total entries replaced since starting: 0total entries expired since starting: 168total (pre-expiry) entries scrolled out of the cache: 0total retrieves since starting: 0 hit, 539 misstotal removes since starting: 1 hit, 45 miss


Apache/2.4.54 (Debian) Server at test.main.de.wolf.eu Port 443

Found on 2022-10-10 12:29

Severity: medium
Fingerprint: ee80c6706842d3ef6842d3ef6325bb316325bb31f02b60c9f02b60c9faa63c17

Apache Status

Apache Server Status for test.main.de.wolf.eu (via 172.21.0.4)

Server Version: Apache/2.4.54 (Debian) PHP/7.4.30 OpenSSL/1.1.1n
Server MPM: prefork
Server Built: 2022-06-09T04:26:43

Current Time: Wednesday, 10-Aug-2022 22:43:35 UTC
Restart Time: Tuesday, 26-Jul-2022 13:54:48 UTC
Parent Server Config. Generation: 18
Parent Server MPM Generation: 17
Server uptime:  15 days 8 hours 48 minutes 47 seconds
Server load: 0.04 0.08 0.08
Total accesses: 21035 - Total Traffic: 404.9 MB - Total Duration: 13388268
CPU Usage: u108.27 s105.63 cu43291 cs9962.16 - 4.03% CPU load
.0158 requests/sec - 319 B/second - 19.7 kB/request - 636.476 ms/request
11 requests currently being processed, 0 idle workers
R.RWWWRWWWCW....................................................
................................................................
......................
Scoreboard Key:
"_" Waiting for Connection, 
"S" Starting up, 
"R" Reading Request,
"W" Sending Reply, 
"K" Keepalive (read), 
"D" DNS Lookup,
"C" Closing connection, 
"L" Logging, 
"G" Gracefully finishing, 
"I" Idle cleanup of worker, 
"." Open slot with no current process



SrvPIDAccMCPU
SSReqDurConnChildSlotClientProtocolVHostRequest

0-17119930/72/2100R
23.470013923420.00.8337.84
10.49.100.254http/1.1

1-17-0/0/1796.
0.000011475130.00.0019.61
127.0.0.1http/1.1wwmaint01.wolf.eu:80OPTIONS * HTTP/1.0

2-17119450/67/1509R
22.231010604980.00.3772.09
10.49.100.254http/1.1

3-17119920/57/2001W
15.820010741480.00.3323.57
10.49.100.254http/1.1test.main.de.wolf.eu:443GET / HTTP/1.1

4-17120200/63/1739W
18.670010892420.00.9951.89
10.49.100.254http/1.1test.main.de.wolf.eu:443GET /?rest_route=/wp/v2/users/ HTTP/1.1

5-17189250/0/1833W
0.000015719080.00.0017.17
10.49.100.254http/1.1test.main.de.wolf.eu:443GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.expor

6-17189270/0/1621R
0.00009744390.00.0078.69
10.49.100.254http/1.1

7-17120210/65/1616W
17.95008841820.01.0120.47
10.49.100.254http/1.1test.main.de.wolf.eu:443GET /server-status HTTP/1.1

8-17189280/0/1641W
0.00008768020.00.0021.97
10.49.100.254http/1.1test.main.de.wolf.eu:443GET /.git/config HTTP/1.1

9-17189090/3/1477W
0.84009454210.00.0522.32
10.49.100.254http/1.1test.main.de.wolf.eu:443GET /.env HTTP/1.1

10-17189101/4/1474C
0.96005718790.20.0513.52
127.0.0.1http/1.1wwmaint01.wolf.eu:80OPTIONS * HTTP/1.0

11-17119440/76/650W
21.86003089870.00.627.24
10.49.100.254http/1.1test.main.de.wolf.eu:443GET /s/39332e3132322e37302e313032/_/;/META-INF/maven/com.atlass

12-17-0/0/862.
0.001010780350.00.0010.48
127.0.0.1http/1.1wwmaint01.wolf.eu:80OPTIONS * HTTP/1.0

13-15-0/0/390.
0.0012332201796540.00.003.49
10.49.100.254http/1.1wwmaint01.wolf.eu:80GET / HTTP/1.1

14-12-0/0/53.
0.002034330401610.00.001.00
127.0.0.1http/1.1wwmaint01.wolf.eu:80OPTIONS * HTTP/1.0

15-12-0/0/15.
0.00201940079370.00.000.04
127.0.0.1http/1.1wwmaint01.wolf.eu:80OPTIONS * HTTP/1.0

16-13-0/0/254.
0.0013909301851130.00.003.51
127.0.0.1http/1.1wwmaint01.wolf.eu:80OPTIONS * HTTP/1.0

17-12-0/0/2.
0.00203431000.00.000.00
127.0.0.1http/1.1wwmaint01.wolf.eu:80OPTIONS * HTTP/1.0

18-12-0/0/1.
0.00203430000.00.000.00
127.0.0.1http/1.1wwmaint01.wolf.eu:80OPTIONS * HTTP/1.0

19-12-0/0/1.
0.00203429000.00.000.00
127.0.0.1http/1.1wwmaint01.wolf.eu:80OPTIONS * HTTP/1.0


  
 SrvChild Server number - generation
 PIDOS process ID
 AccNumber of accesses this connection / this child / this slot
 MMode of operation
CPUCPU usage, number of seconds
SSSeconds since beginning of most recent request
 ReqMilliseconds required to process most recent request
 DurSum of milliseconds required to process all requests
 ConnKilobytes transferred this connection
 ChildMegabytes transferred this child
 SlotTotal megabytes transferred this slot
 



SSL/TLS Session Cache Status:


cache type: SHMCB, shared memory: 512000 bytes, current entries: 13subcaches: 32, indexes per subcache: 88time left on oldest entries' objects: avg: 256 seconds, (range: 235...299)index usage: 0%, cache usage: 0%total entries stored since starting: 66total entries replaced since starting: 0total entries expired since starting: 52total (pre-expiry) entries scrolled out of the cache: 0total retrieves since starting: 0 hit, 174 misstotal removes since starting: 1 hit, 2 miss


Apache/2.4.54 (Debian) Server at test.main.de.wolf.eu Port 443

Found on 2022-08-10 22:43

Create report

Symfony developement panel enabled
The application has Symfony profiling enabled.

It enables an attacker to access the following sensitive content :

System configuration

Request log, including POST request with credentials and/or api keys
IP: 93.122.70.102
Domain: test.main.de.wolf.eu
Port: 443
URL: https://test.main.de.wolf.eu/_profiler/empty/search/results

First seen 2023-04-09 15:07
Last seen 2023-12-12 00:32
Open for 246 days
- Fingerprint: 407cf4363b0e62fafca67e0760dac06960dac06960dac06960dac06960dac069
```
Symfony profiler enabled:
https://test.main.de.wolf.eu/_profiler/empty/search/results
```
  Found on 2023-12-12 00:32
Create report

Domain summary

test.main.de.wolf.eu 4

1 recorded

IP summary

93.122.70.102 1