D5: Web server vulnerability analysis
Review the sample Web server scan given in the text sheet entitled “Web Server Vulnerability Analysis” and answer the following questions:
Web Server Vulnerability Analysis
Sample Web Server Scan
Using the following Nikto output, identify potential vulnerabilities and issues with the scanned system.
- Nikto v2.1.0
+ Target IP: 192.168.2.111
+ Target Hostname: 192.168.2.111
+ Target Port: 80
+ Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.10 with Suhosin-Patch
- Root page / redirects to: login.php
+ OSVDB-0: robots.txt contains 1 entry which should be manually viewed.
+ OSVDB-0: Apache/2.2.8 appears to be outdated (current is at least Apache/2.2.14). Apache 1.3.41 and 2.0.63 are also current.
+ OSVDB-0: Number of sections in the version string differ from those in the database, the server reports: 126.96.36.199.188.8.131.52.184.108.40.206.10 while the database has: 5.2.8. This may cause false positives.
+ OSVDB-0: PHP/5.2.4-2ubuntu5.10 appears to be outdated (current is at least 5.2.8)
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-0: ETag header found on server, inode: 1681, size: 26, mtime: 0x46dfa70e2b580
+ OSVDB-0: /config/: Configuration information may be available remotely.
+ OSVDB-0: /php.ini: This file should not be available through the web interface
+ OSVDB-12184: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings.
+ OSVDB-3268: /config/: Directory indexing is enabled: /config/
+ OSVDB-3092: /login/: This might be interesting...
+ OSVDB-3092: /setup/: This might be interesting...
+ OSVDB-3268: /icons/: Directory indexing is enabled: /icons
+ OSVDB-3268: /docs/: Directory indexing is enabled: /docs
+ OSVDB-3092: /README: README file found.
+ OSVDB-3092: /CHANGELOG.txt: A changelog was found.
+ OSVDB-3233: /icons/README: Apache default file found.
+ 3588 items checked: 17 item(s) reported on remote host
+ 1 host(s) tested
Answer the following:
1. What vulnerabilities were found?
2. What risks do they create?
3. How could they be remediated?