[Nikto-discuss] Nikto 2.1.5 Idle

Zaki Akhmad zakiakhmad at gmail.com
Tue Dec 11 21:53:30 CST 2012


Hello,

I am using nikto 2.1.5 to do web application scanning. Nikto detected
a WAF, then it became idle. Nothing happened. Where can I find
more detailed information about this?

Here's the nikto result:

+ Server: Microsoft-IIS/7.5
+ Retrieved x-powered-by header: ASP.NET
+ Server leaks inodes via ETags, header found with file /, fields:
0xf649529557d4cd1:0
+ The anti-clickjacking X-Frame-Options header is not present.
+ Cookie lkLQMSULhV created without the httponly flag
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Retrieved x-aspnet-version header: 2.0.50727
+ Uncommon header 'x-snapsis-pageblaster' found, with contents:
v:3.4.5;c:-;x:+;r:+
+ OSVDB-630: IIS may reveal its internal or real IP in the Location
header via a request to the /images directory. The value is
"http://172.16.1.100/images/".
+ Server banner has changed from 'Microsoft-IIS/7.5' to
'Microsoft-HTTPAPI/2.0' which may suggest a WAF, load balancer or
proxy is in place
+ Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD, POST
+ Public HTTP Methods: OPTIONS, TRACE, GET, HEAD, POST
+ /examples/servlet/AUX: Apache Tomcat versions below 4.1 may be
vulnerable to DoS by repeatedly requesting this file.

-- 
Zaki Akhmad

