Nikto Scan Summary |
Software Details | Nikto 2.03 |
CLI Options | -h www.localdomain -F htm -o logs/nikto-with-hostname.html |
Hosts Tested | 1 |
www.localdomain / 172.20.60.200 |
Target IP | 172.20.60.200 |
Target hostname | www.localdomain |
Target vhost | |
Target Port | 80 |
HTTP Server | Apache |
Start Time | 2009-06-14 21:14:06 |
End Time | 2009-06-14 21:14:11 |
Elapsed | 5 Seconds |
Site Link (Name) | http://www.localdomain:80/ |
Site Link (IP) | http://172.20.60.200:80/ |
Site Link (VHOST) | N/A |
Items Tested | 3577 |
Items Found | 4 |
Information | Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE |
OSVDB Entries | OSVDB-0 |
Information | HTTP method ('Allow' Header): 'TRACE' is typically only used for debugging and should be disabled. This message does not mean it is vulnerable to XST. |
OSVDB Entries | OSVDB-877 |
URI | /icons/README |
HTTP Method | GET |
Description | Apache default file found. |
Test Links | http://www.localdomain:80/icons/README http://172.20.60.200:80/icons/README |
OSVDB Entries | OSVDB-3233 |
URI | / |
HTTP Method | TRACE |
Description | TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details |
Test Links | http://www.localdomain:80/ http://172.20.60.200:80/ |
OSVDB Entries | OSVDB-877 |
© 2007 CIRT, Inc.