[Nikto-discuss] Uncommon Header problem

a resident.deity at gmail.com
Tue May 13 05:30:05 CDT 2014


Both x-frame-options and x-content-type-options are in the database and
shouldn't alert (you can check this by looking at
program/databases/db_headers and making sure those two lines are there).

It looks like the database has been updated since 2.1.5 was released,
so try doing a nikto.pl -update, then retest.


On 11 May 2014 18:10, eXile Out <outofexile at yandex.com> wrote:

> Dear Friend,
> Is it possible that our modsecurity module influences the config of apache?
> I tried disabling modsecurity, and nikto now shows another 2 pieces of information:
> -------------------------------------
> + Server leaks inodes via ETags, header found with file /, inode: etc...
>
> + Uncommon header 'x-frame-options' found, with contents: SAMEORIGIN
> + Uncommon header 'x-content-type-options' found, with contents: nosniff
> -------------------------------------
> If I re-enable modsecurity, only one piece of information appears:
> -------------------------------------
> + Uncommon header 'x-frame-options' found, with contents: SAMEORIGIN
> -------------------------------------
> I hope this information can help you
> Thank You
> Regards
> eX
>
> 11.05.2014, 19:14, "eXile Out" <outofexile at yandex.com>:
>
> Dear Chris,
> thank you for your support.
> I looked at my config file, and the option is already in the plural form
> "x-frame-options", sorry for my wrong earlier information.
> I can't understand why this message appears...
> Is it possible that the position of the option in the apache debian config
> files influences this problem?
> Thank you
> Regards
> eX
>
> 11.05.2014, 06:49, "Sullo" <csullo at gmail.com>:
>
> Looking again, I see that it is "option" and not "options".  "options" is
> correct according to the RFC and thus what is in the Nikto database. Your
> server should be sending x-frame-options and *not* x-frame-option to
> properly set frame restrictions.
>
> regards,
> Sullo
>
>
> On Sat, May 10, 2014 at 3:25 PM, csullo at gmail.com <csullo at gmail.com> wrote:
>
> I'm not near a computer to check this out, but that should be in the
> database of known headers. So either it's missing which is a mistake, or a
> bug is preventing a match.
>
> However, you want to keep that header around unless you have a specific
> need for removing it (and even then, allowing specific hosts to frame). So
> don't try to get rid of it--leave it be!
>
> I'll look at this later to figure out why it's not matching.
>
> Regards,
> Sullo
>
> > On May 10, 2014, at 11:26 AM, eXile Out <outofexile at yandex.com> wrote:
> >
> > Dear Friend,
> > I have a security problem with my server (debian wheezy 7.4 with apache
> > 2.2.22-deb7u on amd64 arch).
> > When I scan the server with nikto, nikto tells me that it found an "Uncommon
> > header" that I can't solve:
> >
> > -----------------------------------------------------------------------------------------------------------
> > - Nikto v2.1.5
> > -----------------------------------------------------------------------------------------------------------
> > + Taget IP: 127.0.0.1
> > -----------------------------------------------------------------------------------------------------------
> > + Server: Apache/2.2.22
> > + Uncommon header 'x-frame-options' found, with contents: SAMEORIGIN
> > -----------------------------------------------------------------------------------------------------------
> >
> > The default debian anti click-hijacking config is in the file:
> > /etc/apache2/conf.d/security
> > And contains this line:
> > Header set X-Frame-Option: "sameorigin"
> >
> > I tried commenting out this line and adding the protection manually, in the file:
> > /etc/apache2/httpd.conf (created by me and included in the apache2.conf file)
> > With this line:
> > Header always append X-Frame-Option SAMEORIGIN
> >
> > But the message in Nikto persists.
> > Can anyone help me?
> > Thank you so much
> > Regards
> > OeX
> > _______________________________________________
> > Nikto is sponsored by Netsparker, a false positive free web application
> > security scanner.
> > Visit https://www.netsparker.com/ for more information.
> > _______________________________________________
> > Nikto-discuss mail list
> > Nikto-discuss at attrition.org
> > https://attrition.org/mailman/listinfo/nikto-discuss
>
>
>
>
> --
>
> http://www.cirt.net     |      http://richsec.com/
>
>
>
>
>
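The thread's root cause is a header name off by one letter (X-Frame-Option instead of X-Frame-Options), which browsers ignore and which a scanner can only report as "uncommon". The following Python check, added here as an illustration and not Nikto's own code, parses a raw HTTP response and reports near-miss header names separately from genuinely unknown ones; KNOWN_HEADERS is an assumed illustrative subset, not the real db_headers file.

```python
"""Check response headers for the misspelling discussed in the thread."""

# Assumed illustrative subset of a scanner's known-headers list (not Nikto's
# db_headers). Names are compared lowercase, as header names are case-insensitive.
KNOWN_HEADERS = {
    "x-frame-options",
    "x-content-type-options",
    "server",
    "content-type",
    "etag",
}

# Values RFC 7034 defines for X-Frame-Options (ALLOW-FROM is followed by a URI).
FRAME_OPTIONS_VALUES = ("DENY", "SAMEORIGIN", "ALLOW-FROM")


def parse_headers(raw: str) -> dict[str, str]:
    """Parse the header block of a raw HTTP response into a lowercase-keyed dict."""
    headers: dict[str, str] = {}
    for line in raw.split("\r\n")[1:]:   # skip the status line
        if not line:                     # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def check_security_headers(raw: str) -> list[str]:
    """Return findings: misspelled names, unknown names, missing/invalid values."""
    headers = parse_headers(raw)
    findings: list[str] = []
    for name, value in headers.items():
        # The thread's bug: 'x-frame-option' is one letter short of a known
        # header, so flag it as a misconfiguration rather than as 'uncommon'.
        if name + "s" in KNOWN_HEADERS:
            findings.append(f"misspelled header '{name}' (expected '{name}s')")
        elif name not in KNOWN_HEADERS:
            findings.append(f"uncommon header '{name}' found, with contents: {value}")
    xfo = headers.get("x-frame-options")
    if xfo is None:
        findings.append("missing x-frame-options")
    elif not xfo.upper().startswith(FRAME_OPTIONS_VALUES):
        findings.append(f"invalid x-frame-options value '{xfo}'")
    if headers.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("missing or invalid x-content-type-options")
    return findings


# Constructed sample responses: the thread's misconfiguration and a corrected one.
SAMPLE_BAD = ("HTTP/1.1 200 OK\r\nServer: Apache/2.2.22\r\n"
              "X-Frame-Option: sameorigin\r\nContent-Type: text/html\r\n\r\n<html>")
SAMPLE_GOOD = ("HTTP/1.1 200 OK\r\nServer: Apache/2.2.22\r\n"
               "X-Frame-Options: SAMEORIGIN\r\nX-Content-Type-Options: nosniff\r\n"
               "Content-Type: text/html\r\n\r\n<html>")
```

Running check_security_headers(SAMPLE_BAD) reports the misspelled header plus the two protections that are consequently missing, while SAMPLE_GOOD yields no findings.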