Review the sample Web server scan given in the text sheet entitled “Web Server Vulnerability Analysis” and answer the following questions: Web Server Vulnerability Analysis Sample Web Server Scan Using the following Nikto output, identify potential vul

profileFrenchienoire

D5: Web server vulnerability analysis

44 unread replies.44 replies.

Review the sample Web server scan given in the text sheet entitled “Web Server Vulnerability Analysis” and answer the following questions:

Web Server Vulnerability Analysis

Sample Web Server Scan

Using the following Nikto output, identify potential vulnerabilities and issues with the scanned system.

- Nikto v2.1.0

---------------------------------------------------------------------------

+ Target IP:          192.168.2.111

+ Target Hostname:    192.168.2.111

+ Target Port:        80

---------------------------------------------------------------------------

+ Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.10 with Suhosin-Patch

- Root page / redirects to: login.php

+ OSVDB-0: robots.txt contains 1 entry which should be manually viewed.

+ OSVDB-0: Apache/2.2.8 appears to be outdated (current is at least Apache/2.2.14). Apache 1.3.41 and 2.0.63 are also current.

+ OSVDB-0: Number of sections in the version string differ from those in the database, the server reports: 5.2.4.45.2.117.98.117.110.116.117.5.10 while the database has: 5.2.8. This may cause false positives.

+ OSVDB-0: PHP/5.2.4-2ubuntu5.10 appears to be outdated (current is at least 5.2.8)

+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST

+ OSVDB-0: ETag header found on server, inode: 1681, size: 26, mtime: 0x46dfa70e2b580

+ OSVDB-0: /config/: Configuration information may be available remotely.

+ OSVDB-0: /php.ini: This file should not be available through the web interface

+ OSVDB-12184: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings.

+ OSVDB-3268: /config/: Directory indexing is enabled: /config/

+ OSVDB-3092: /login/: This might be interesting...

+ OSVDB-3092: /setup/: This might be interesting...

+ OSVDB-3268: /icons/: Directory indexing is enabled: /icons

+ OSVDB-3268: /docs/: Directory indexing is enabled: /docs

+ OSVDB-3092: /README: README file found.

+ OSVDB-3092: /CHANGELOG.txt: A changelog was found.

+ OSVDB-3233: /icons/README: Apache default file found.

+ 3588 items checked: 17 item(s) reported on remote host

---------------------------------------------------------------------------

+ 1 host(s) tested

Answer the following:

1-What vulnerabilities were found?

2-What risks do they create?

3-How could they be remediated?

    • 5 years ago
    • 5
    Answer(1)

    Purchase the answer to view it

    blurred-text
    NOT RATED
    • attachment
      WEBSERVERSCANVULNERABILITIES.docx