Pentest-Tools.com Report
Web Server Vulnerability Scan with Nikto

Test parameters:
- Website URL http://projects.xxxxxxxx.com/portal/
Test date: 28-Jul-2015, 17:21:16
Test result:
- Nikto v2.1.6
--------------------------------------------------------------------------
+ Target IP: 89.x.x.53
+ Target Hostname: projects.xxxxxxxx.com
+ Target Port: 80
+ Target Path: /portal
+ Start Time: 2015-07-28 17:21:16 (GMT3)
--------------------------------------------------------------------------
+ Server: Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1
+ Retrieved x-powered-by header: PHP/5.3.1
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Server leaks inodes via ETags, header found with file /index.html, inode: 281474976717305, size: 44, mtime: Sun Dec 20 00:00:00 2009
+ PHP/5.3.1 appears to be outdated (current is at least 5.6.9). PHP 5.5.25 and 5.4.41 are also current.
+ OpenSSL/0.9.8l appears to be outdated (current is at least 1.0.1j). OpenSSL 1.0.0o and 0.9.8zc are also current.
+ Perl/v5.10.1 appears to be outdated (current is at least v5.14.2)
+ mod_ssl/2.2.14 appears to be outdated (current is at least 2.8.31) (may depend on server version)
+ mod_perl/2.0.4 appears to be outdated (current is at least 2.0.7)
+ Apache/2.2.14 appears to be outdated (current is at least Apache/2.4.12). Apache 2.0.65 (final release) and 2.2.29 are also current.
+ Apache mod_negotiation is enabled with MultiViews, which allows attackers to easily brute force file names. See http://www.wisec.it/sectou.php?id=4698ebdc59d15.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 - mod_ssl 2.8.7 and lower are vulnerable to a remote buffer overflow.
+ OSVDB-682: /webalizer/: Webalizer may be installed. Versions lower than 2.01-09 vulnerable to Cross Site Scripting (XSS).
+ OSVDB-12184: /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-561: /server-status: This reveals Apache information. Comment out appropriate line in the Apache conf file or restrict access to allowed sources.
+ OSVDB-3092: /phpmyadmin/changelog.php: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ OSVDB-3092: /phpmyadmin/ChangeLog: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ OSVDB-3268: /test/: Directory indexing found.
+ OSVDB-3092: /test/: This might be interesting...
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-562: /server-info: This gives a lot of Apache information. Comment out appropriate line in httpd.conf or restrict access to allowed hosts.
+ OSVDB-3233: /icons/README: Apache default file found.
+ OSVDB-3092: /.svn/wc.db: Subversion SQLite DB file may contain directory listing information. See http://pen-testing.sans.org/blog/pen-testing/2012/12/06/all-your-svn-are-belong-to-us
+ OSVDB-3092: /phpmyadmin/Documentation.html: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ /server-status: Apache server-status interface found (pass protected)
+ /server-info: Apache server-info interface found (pass protected)
+ 8494 requests: 0 error(s) and 31 item(s) reported on remote host
+ End Time: 2015-07-28 17:35:39 (GMT3) (863 seconds)
--------------------------------------------------------------------------
+ 1 host(s) tested