44 unread replies.44 replies.
Review the sample Web server scan given in the text sheet entitled “Web Server Vulnerability Analysis” and answer the following questions:
Web Server Vulnerability Analysis
Sample Web Server Scan
Using the following Nikto output, identify potential vulnerabilities and issues with the scanned system.
– Nikto v2.1.0
+ Target IP: 192.168.2.111
+ Target Hostname: 192.168.2.111
+ Target Port: 80
+ Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.10 with Suhosin-Patch
– Root page / redirects to: login.php
+ OSVDB-0: robots.txt contains 1 entry which should be manually viewed.
+ OSVDB-0: Apache/2.2.8 appears to be outdated (current is at least Apache/2.2.14). Apache 1.3.41 and 2.0.63 are also current.
+ OSVDB-0: Number of sections in the version string differ from those in the database, the server reports: 18.104.22.168.22.214.171.124.126.96.36.199.10 while the database has: 5.2.8. This may cause false positives.
+ OSVDB-0: PHP/5.2.4-2ubuntu5.10 appears to be outdated (current is at least 5.2.8)
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-0: ETag header found on server, inode: 1681, size: 26, mtime: 0x46dfa70e2b580
+ OSVDB-0: /config/: Configuration information may be available remotely.
+ OSVDB-0: /php.ini: This file should not be available through the web interface
+ OSVDB-12184: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings.
+ OSVDB-3268: /config/: Directory indexing is enabled: /config/
+ OSVDB-3092: /login/: This might be interesting…
+ OSVDB-3092: /setup/: This might be interesting…
+ OSVDB-3268: /icons/: Directory indexing is enabled: /icons
+ OSVDB-3268: /docs/: Directory indexing is enabled: /docs
+ OSVDB-3092: /README: README file found.
+ OSVDB-3092: /CHANGELOG.txt: A changelog was found.
+ OSVDB-3233: /icons/README: Apache default file found.
+ 3588 items checked: 17 item(s) reported on remote host
+ 1 host(s) tested
Answer the following:
1-What vulnerabilities were found?
2-What risks do they create?
3-How could they be remediated?
Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.Read more
Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.Read more
Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.Read more
Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.Read more
By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.Read more