- Nikto v1.36/1.39
---------------------------------------------------------------------------
+ Target IP:
+ Target Hostname:
+ Target Port: 80
+ Start Time: Sun Aug 19 18:15:41 2007
---------------------------------------------------------------------------
- Scan is dependent on "Server" string which can be faked, use -g to override
+ Server: Apache/2.0.46 (CentOS)
- Retrieved X-Powered-By header: PHP/4.3.2
+ Allowed HTTP Methods: GET,HEAD,POST,OPTIONS,TRACE
+ PHP/4.3.2 appears to be outdated (current is at least 5.1.6)
+ Apache/2.0.46 appears to be outdated (current is at least Apache/2.2.3). Apache 1.3.33 is still maintained and considered secure.
+ Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.49: memory leak in plain-HTTP-on-SSL-port handling (OSVDB-4182), a DoS with short-lived connections on rarely-accessed sockets (OSVDB-4383), and may allow unescaped data into logfiles (OSVDB-4382).
+ Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.50 contain a buffer overflow in FakeBasicAuth with trusted client certificates. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488. OSVDB-6472. Also a DoS with certain input data. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493. OSVDB-7269.
+ Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.51 contain multiple problems: overflow in apr-util (OSVDB-9994), config file variable overflow (OSVDB-9991), indirect lock refresh DoS (OSVDB-9948), SSL input filter DoS (OSVDB-9742), potential infinite loop (OSVDB-9523).
+ Apache/2.0.46 - "Apache 2.0 up 2.0.46 are vulnerable to multiple remote problems. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0192. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0253. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0254. CERT VU
+ Apache/2.0.46 - Apache 2.0 up 2.0.47 are vulnerable to multiple remote problems in mod_rewrite and mod_cgi. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0789. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542.
+ Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.53 allows bypassing of an SSLCipherSuite setting. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0885. OSVDB-10637. Also contains a memory exhaustion DoS through MIME folded requests. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0942. OSVDB-11391
+ Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.52 could allow bypassing of authentication via the Satisfy directive. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0811. OSVDB-10218.