From outofexile at yandex.com Sat May 10 10:26:00 2014
From: outofexile at yandex.com (eXile Out)
Date: Sat, 10 May 2014 19:26:00 +0400
Subject: [Nikto-discuss] Uncommon Header problem
Message-ID: <630051399735560@web15m.yandex.ru>

Dear Friend,
I have a security problem with my server (Debian wheezy 7.4 with apache 2.2.22-deb7u on amd64 arch).
When I scan the server with nikto, nikto tells me that it found an "Uncommon header" that I can't solve:
-----------------------------------------------------------------------------------------------------------
- Nikto v2.1.5
-----------------------------------------------------------------------------------------------------------
+ Target IP: 127.0.0.1
-----------------------------------------------------------------------------------------------------------
+ Server: Apache/2.2.22
+ Uncommon header 'x-frame-options' found, with contents: SAMEORIGIN
-----------------------------------------------------------------------------------------------------------

The default Debian anti click-hijacking config is in the file:
/etc/apache2/conf.d/security
And contains this line:
Header set X-Frame-Option: "sameorigin"

I tried commenting out this line and adding the protection manually, in the file:
/etc/apache2/httpd.conf (created by me and included from the apache2.conf file)
With this line:
Header always append X-Frame-Option SAMEORIGIN

But the message in Nikto persists.
Can anyone help me?
Thank you so much
Regards
OeX

From csullo at gmail.com Sat May 10 14:25:29 2014
From: csullo at gmail.com (csullo at gmail.com)
Date: Sat, 10 May 2014 15:25:29 -0400
Subject: [Nikto-discuss] Uncommon Header problem
In-Reply-To: <630051399735560@web15m.yandex.ru>
References: <630051399735560@web15m.yandex.ru>
Message-ID: <92E93F0A-E5B7-4613-BACE-3939755112A4@gmail.com>

I'm not near a computer to check this out, but that should be in the database of known headers. So either it's missing, which is a mistake, or a bug is preventing a match.

However, you want to keep that header around unless you have a specific need for removing it (and even then, allowing specific hosts to frame). So don't try to get rid of it--leave it be!

I'll look at this later to figure out why it's not matching.

Regards,
Sullo

> On May 10, 2014, at 11:26 AM, eXile Out wrote:
> [...]
> _______________________________________________
> Nikto is sponsored by Netsparker, a false positive free web application security scanner.
> Visit https://www.netsparker.com/ for more information.
> _______________________________________________
> Nikto-discuss mail list
> Nikto-discuss at attrition.org
> https://attrition.org/mailman/listinfo/nikto-discuss

From csullo at gmail.com Sat May 10 21:49:29 2014
From: csullo at gmail.com (Sullo)
Date: Sat, 10 May 2014 22:49:29 -0400
Subject: [Nikto-discuss] Uncommon Header problem
In-Reply-To: <92E93F0A-E5B7-4613-BACE-3939755112A4@gmail.com>
References: <630051399735560@web15m.yandex.ru> <92E93F0A-E5B7-4613-BACE-3939755112A4@gmail.com>

Looking again, I see that it is "option" and not "options". "options" is correct according to the RFC and thus what is in the Nikto database. Your server should be sending x-frame-options and *not* x-frame-option to properly set frame restrictions.

regards,
Sullo

On Sat, May 10, 2014 at 3:25 PM, csullo at gmail.com wrote:
> [...]

--
http://www.cirt.net | http://richsec.com/
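The point of the reply above is that a header named X-Frame-Option (singular) is simply an unknown header: no browser applies frame restrictions for it, and a scanner that only lists "uncommon" names will not tell you the protection is absent. The following is an added example for this thread, not Nikto code and not from any of the posts: a small Python checker that parses an HTTP response head, verifies that X-Frame-Options and X-Content-Type-Options (the second header reported later in the thread) are present with acceptable values, and flags near-miss spellings such as x-frame-option, duplicate copies, or comma-joined values like "SAMEORIGIN, SAMEORIGIN" that come from setting the header in two config files. The three sample responses are constructed; the near-miss detection uses difflib rather than a fixed typo list, so it also catches other misspellings. The correct Apache directive is `Header always set X-Frame-Options "SAMEORIGIN"`.

```python
"""Check that a server's X-Frame-Options / X-Content-Type-Options headers
are spelled and valued correctly.

Added example for this thread, not Nikto code and not from the original
posts. The sample responses are constructed: one carrying the misspelled
singular name from the first post's config line, one carrying the correct
headers, one carrying a comma-joined double value.
"""
import difflib
import http.client

# Acceptable values per header (compared case-insensitively).
# X-Frame-Options is RFC 7034; the 'ALLOW-FROM uri' form is omitted here
# because current browsers ignore it.
EXPECTED = {
    "x-frame-options": {"deny", "sameorigin"},
    "x-content-type-options": {"nosniff"},
}


def parse_response_head(raw: bytes) -> list[tuple[str, str]]:
    """Split a raw HTTP/1.x response head into lower-cased (name, value) pairs.

    The status line is skipped; header names are case-insensitive, so they
    are normalised to lower case (which is also how Nikto prints them).
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    pairs = []
    for line in head.split("\r\n")[1:]:
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit_headers(pairs: list[tuple[str, str]]) -> list[str]:
    """Return a list of findings; an empty list means both headers are fine."""
    present: dict[str, list[str]] = {}
    for name, value in pairs:
        present.setdefault(name, []).append(value)

    findings = []
    for wanted, allowed in EXPECTED.items():
        if wanted not in present:
            # Not sent at all: look for a near miss such as 'x-frame-option'.
            near = difflib.get_close_matches(wanted, present.keys(), n=1, cutoff=0.85)
            if near:
                findings.append(f"{wanted}: missing, but found misspelled header {near[0]!r}")
            else:
                findings.append(f"{wanted}: missing")
            continue
        values = present[wanted]
        if len(values) > 1:
            # Two copies usually means the header is set in two config files.
            findings.append(f"{wanted}: sent {len(values)} times; send it once")
        for v in values:
            if "," in v:
                # e.g. 'SAMEORIGIN, SAMEORIGIN' from 'Header append' on top of
                # 'Header set'; browsers handle multiple values inconsistently.
                findings.append(f"{wanted}: multiple values {v!r}; send exactly one")
            elif v.lower() not in allowed:
                findings.append(f"{wanted}: unexpected value {v!r}")
    return findings


def fetch_response_head(host: str, port: int = 80, path: str = "/") -> list[tuple[str, str]]:
    """Fetch the headers from a live server (not used by the offline demo)."""
    conn = http.client.HTTPConnection(host, port, timeout=10)
    try:
        conn.request("HEAD", path)
        return [(k.lower(), v) for k, v in conn.getresponse().getheaders()]
    finally:
        conn.close()


# Constructed samples (not real captures).
BAD_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache/2.2.22\r\n"
    b"X-Frame-Option: sameorigin\r\n"  # singular: no browser honours this
    b"Content-Type: text/html\r\n"
    b"\r\n"
)
GOOD_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache/2.2.22\r\n"
    b"X-Frame-Options: SAMEORIGIN\r\n"
    b"X-Content-Type-Options: nosniff\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
)
DOUBLED_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"X-Frame-Options: SAMEORIGIN, SAMEORIGIN\r\n"  # 'set' in one file, 'append' in another
    b"X-Content-Type-Options: nosniff\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    for label, raw in (("bad", BAD_RESPONSE), ("good", GOOD_RESPONSE), ("doubled", DOUBLED_RESPONSE)):
        print(f"{label:8}", audit_headers(parse_response_head(raw)) or ["ok"])
```

Against a real host, replace the constructed samples with `audit_headers(fetch_response_head("127.0.0.1"))`; this only needs the standard library. The near-miss check is what the scanner output in the thread does not give you: a server that sends x-frame-option shows up as "missing, but found misspelled header 'x-frame-option'" instead of as an innocuous unknown header.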
From outofexile at yandex.com Sun May 11 10:13:43 2014
From: outofexile at yandex.com (eXile Out)
Date: Sun, 11 May 2014 19:13:43 +0400
Subject: [Nikto-discuss] Uncommon Header problem
References: <630051399735560@web15m.yandex.ru> <92E93F0A-E5B7-4613-BACE-3939755112A4@gmail.com>
Message-ID: <285801399821223@web20g.yandex.ru>

An HTML attachment was scrubbed...

From outofexile at yandex.com Sun May 11 12:10:01 2014
From: outofexile at yandex.com (eXile Out)
Date: Sun, 11 May 2014 21:10:01 +0400
Subject: [Nikto-discuss] Uncommon Header problem
In-Reply-To: <285801399821223@web20g.yandex.ru>
References: <630051399735560@web15m.yandex.ru> <92E93F0A-E5B7-4613-BACE-3939755112A4@gmail.com> <285801399821223@web20g.yandex.ru>
Message-ID: <97341399828201@web12h.yandex.ru>

An HTML attachment was scrubbed...

From resident.deity at gmail.com Tue May 13 05:30:05 2014
From: resident.deity at gmail.com (a)
Date: Tue, 13 May 2014 11:30:05 +0100
Subject: [Nikto-discuss] Uncommon Header problem
In-Reply-To: <97341399828201@web12h.yandex.ru>
References: <630051399735560@web15m.yandex.ru> <92E93F0A-E5B7-4613-BACE-3939755112A4@gmail.com> <285801399821223@web20g.yandex.ru> <97341399828201@web12h.yandex.ru>

Both x-frame-options and x-content-type-options are in the database and shouldn't alert (you can check this by looking at program/databases/db_headers and making sure those two lines are there). It looks like the database has been updated since 2.1.5 was released, so try doing a nikto.pl -update, then retest.

On 11 May 2014 18:10, eXile Out wrote:
> Dear Friend,
> Is it possible that our modsecurity module influences the config of apache?
> I tried disabling modsecurity, and nikto now shows another 2 pieces of information:
> -------------------------------------
> + Server leaks inodes via ETags, header found with file /, inode: etc...
> + Uncommon header 'x-frame-options' found, with contents: SAMEORIGIN
> + Uncommon header 'x-content-type-options' found, with contents: nosniff
> -------------------------------------
> If I re-enable modsecurity, only one piece of information appears:
> -------------------------------------
> + Uncommon header 'x-frame-options' found, with contents: SAMEORIGIN
> -------------------------------------
> I hope this information can help you
> Thank You
> Regards
> eX
>
> 11.05.2014, 19:14, "eXile Out":
>> Dear Chris,
>> thank you for your support.
>> I looked at my config file, and the option is already in the plural
>> "x-frame-options", sorry for my wrong earlier information.
>> I can't understand why this message appears...
>> Is it possible that the position of the option in the apache debian config
>> files influences this problem?
>> Thank you
>> Regards
>> eX
>>
>> 11.05.2014, 06:49, "Sullo":
>> [...]

From outofexile at yandex.com Tue May 13 06:59:44 2014
From: outofexile at yandex.com (eXile Out)
Date: Tue, 13 May 2014 15:59:44 +0400
Subject: [Nikto-discuss] Uncommon Header problem
References: <630051399735560@web15m.yandex.ru> <92E93F0A-E5B7-4613-BACE-3939755112A4@gmail.com> <285801399821223@web20g.yandex.ru> <97341399828201@web12h.yandex.ru>
Message-ID: <762141399982384@web21j.yandex.ru>

An HTML attachment was scrubbed...

From outofexile at yandex.com Mon May 19 10:00:02 2014
From: outofexile at yandex.com (eXile Out)
Date: Mon, 19 May 2014 19:00:02 +0400
Subject: [Nikto-discuss] Nikto on Tails not work
Message-ID: <98561400511602@web4h.yandex.ru>

Dear friends,
I am trying to use nikto on Tails (a distro based on Debian 6 Linux), but it does not work.
If I try to use nikto on an IP address it tells me:
+ Not webserver found on 123.45.67.89

If I try a domain name it tells me:
* Can't resolve hostname 'hostname.com'

Is it possible to use Nikto, or do I need to use another distro?
Thank you
Regards

From csullo at gmail.com Mon May 19 10:16:52 2014
From: csullo at gmail.com (Sullo)
Date: Mon, 19 May 2014 11:16:52 -0400
Subject: [Nikto-discuss] Nikto on Tails not work
In-Reply-To: <98561400511602@web4h.yandex.ru>
References: <98561400511602@web4h.yandex.ru>

I've never used that OS so I can't say for sure.

However, run 'nikto.pl -V' and look for any errors (it should check module requirements). Also confirm you can connect manually (browser or perhaps netcat), and that you can resolve it from the command line.

-Sullo

On Mon, May 19, 2014 at 11:00 AM, eXile Out wrote:
> [...]

--
http://www.cirt.net | http://richsec.com/
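The reply above boils down to three manual checks, in order: can the name be resolved, can a TCP connection be opened, and does something speaking HTTP answer. The following is an added example for this thread, not Nikto code and not from any of the posts: a Python preflight that runs those three steps and reports which one fails, so "No web server found" and "Can't resolve hostname" can be attributed to DNS, to the network path, or to the target before blaming the scanner. The test target is a throwaway http.server started on 127.0.0.1 so the script runs offline; the closed-port case is produced by binding and releasing a local port. The host and port to check are assumptions you replace with the real target.

```python
"""Preflight for 'No web server found' / 'Can't resolve hostname':
resolve the name, open a TCP connection, get an HTTP status line back,
and report which step failed.

Added example for this thread, not part of Nikto or of the original
posts. The demo target is a local http.server so it runs offline.
"""
import http.server
import socket
import threading


def preflight(host: str, port: int = 80, timeout: float = 5.0) -> dict:
    """Return {'resolve', 'connect', 'http', 'error'}; stops at the first failure.

    'resolve' is the sorted list of addresses the name maps to, 'connect'
    the (ip, port) actually reached, 'http' the status line received, and
    'error' a 'step: reason' string for the step that failed (else None).
    """
    result = {"resolve": None, "connect": None, "http": None, "error": None}
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
        result["resolve"] = sorted({ai[4][0] for ai in infos})
    except socket.gaierror as e:
        result["error"] = f"resolve: {e}"
        return result
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            result["connect"] = s.getpeername()[:2]
            # Minimal HTTP/1.0 request; the server closes after answering.
            s.sendall(f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
            data = s.recv(4096)
    except OSError as e:
        result["error"] = f"connect: {e}"
        return result
    status = data.split(b"\r\n", 1)[0].decode("latin-1", "replace")
    if status.startswith("HTTP/"):
        result["http"] = status
    else:
        # Port is open but whatever answered is not an HTTP server.
        result["error"] = f"http: not an HTTP response ({status[:40]!r})"
    return result


class _QuietHandler(http.server.BaseHTTPRequestHandler):
    """Minimal test target: answers HEAD / with 200 and logs nothing."""

    def do_HEAD(self):
        self.send_response(200)
        self.send_header("X-Frame-Options", "SAMEORIGIN")
        self.end_headers()

    def log_message(self, *args):
        pass


def start_test_server() -> tuple[http.server.HTTPServer, int]:
    """Start the stand-in web server on an ephemeral 127.0.0.1 port."""
    srv = http.server.HTTPServer(("127.0.0.1", 0), _QuietHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def closed_port() -> int:
    """Find a local port with nothing listening, for the failure demo."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    srv, port = start_test_server()
    print("live  :", preflight("127.0.0.1", port))   # error None, http 'HTTP/1.0 200 OK'
    print("closed:", preflight("127.0.0.1", closed_port()))  # error 'connect: ...'
    srv.shutdown()
```

For a real target call `preflight("hostname.com")` or `preflight("123.45.67.89", 443)`; a failure at the resolve step means the scanner cannot be expected to do better than the system resolver, and a failure at the connect step means netcat or a browser from the same machine will fail too, which is exactly the distinction the reply asks the poster to make.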