nikto scan

noir911 · 03-12-2006, 12:45 AM

I did a scan on a webserver (apache) and the only "problem" Nikto v1.34 is reporting is

/?Open - This displays a list of all databases on the server. ÊDisable this capability via server options. (GET)

I cannot make any sense of this message. The web-server is not linked to any database.

Does anyone know what this message means and how to disable it?

unSpawn · 03-12-2006, 05:38 AM

Well, two things. One way is to find out what within Nikto raised the warning (that is, based on what conditions) and assess from there if Apache config change is needed or if this is a false positive. Another way could be to have a second opinion using say a Nessus scan. If you dont run Nessus there is a free public service that does Nessus scans but I forgot the URI, shouldnt be hard to find though.

noir911 · 03-14-2006, 01:23 AM

Yeah, I do run nessus. Thanks for your input on assessing both the results. Appreciate it!