Is the /server-status page accessibility considered a bug?

What are your thoughts on the /server-status page being a bug? Has anyone been successful reporting this? I’ve been reading some reports on it and it looks like it’s accepted in most cases. I’ve found several of these bugs and figured they were low-hanging fruit and passed them up. Should I have reported them? I’m guessing it all depends on what info is leaked though.

I never reported it. From what I read in the response from /server-status I’m not sure it is worthy of reporting, but I may be wrong.

1 Like


it will depend on the information displayed (maybe CWE-209: Information Exposure Through an Error Message).

usually P5.

1 Like