A vast number of websites ranging from obscure to quite popular have left an Apache Web server functionality called server-status enabled and publicly accessible. The care-less implementation of this module, Securi CTO Daniel Cid warns in a write-up on Securiblog, could give potential attackers valuable information to help launch targeted attacks. Cid: Server-status is an Apache module that gives administrators the ability to monitor server activity and performance through an HTML page that displays server statistics in an easily readable format. The module presents to admins various important data points, including the number of server requests and idle workers, the status of each worker.
Source: https://threatpost.com/apache-server-status-publicly-viewable-top-sites-110212/77178/