#
# This script was written by Eder "Frolic" Marques
# <frolic@debian-ce.org>
#
# This script is distributed under GPL License
#

if(description)
{
	script_id(99991);
	script_version("$Revision: 0.4 $");
	name["english"] = "Apache2 banner disclosure";
	script_name(name["english"]);
	desc["english"] = "
	This script checks if the Apache2 is giving more
	information that it would give.
	Solution: Add these lines to apache2 configuration file:
	ServerSignature Off
	ServerTokens Prod
	Risk factor : Low";

	script_description(english:desc["english"]);
	summary["english"] = "Checks apache2 banners";
	script_summary(english:summary["english"]);
	script_category(ACT_GATHER_INFO);
	script_copyright(english:"This script is Copyright (C) 2007 Eder L. Marques");
	family["english"] = "Web Servers";
	script_family(english:family["english"]);
	script_require_ports("Services/www", 80);
	exit(0);
}

#
# Script code
#

include("http_func.inc");
include("backport.inc");

#verifica se está rodando o servico www
port = get_http_port(default:80);
if(!port) port = 80;
if(!get_port_state(port)) exit(0);

# busca as informacoes do servidor
banner = get_backport_banner(banner:get_http_banner(port: port));
if(!banner)exit(0);
server = strstr(banner, "Server");
if(ereg(pattern:"^Server:.*Apache/[0-9]\.[0-9]\.[0-9].*PHP.*", string:server))
 {
    security_warning(port);
 }