SoylentNews

A year old loophole in Apache Web Server, uncovered by an unknown Computer Science Student, could potentially unmask the real identity of .onion-domains and servers hidden behind the Tor-network.

Although the loophole was reported on Reddit and to the Tor Project months back, it recently came to the limelight soon after a tweet by Alec Muffet, a well-known security enthusiast and current software engineer at Facebook.

...

According to the report, most distributions of Apache Server ship with mod_status module, enabled by default, which could disclose the real identity of the .onion domains, placing the Onion Servers at risk of being identified.