---------------------------------------------------------------------------
- Nikto 2.02/2.03 - cirt.net
+ Target IP: 172.17.4.20
+ Target Hostname: 172.17.4.20
+ Target Port: 80
+ Start Time: 2008-02-12 12:53:41
---------------------------------------------------------------------------
+ Server: Apache
- Allowed HTTP Methods: GET, HEAD, OPTIONS, TRACE
+ OSVDB-877: HTTP method ('Allow' Header): 'TRACE' is typically only used for debugging and should be disabled. This message does not mean it is vulnerable to XST.
+ OSVDB-877: TRACK / : TRACK option ('TRACE' alias) appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details
+ OSVDB-877: TRACE / : TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details
+ OSVDB-2117: GET / : Appears to be a default Apache install.
+ OSVDB-2799: GET -evasiondose.pl?daily&somefile.txt&|ls| : DailyDose 1.1 is vulnerable to a directory traversal attack in the 'list' parameter.
+ OSVDB-3268: GET /icons/ : Directory indexing is enabled: /icons
+ OSVDB-3233: GET /icons/README : Apache default file found.
+ 3657 items checked: 8 item(s) reported on remote host
+ End Time: 2008-02-12 13:00:33 (412 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
enter Mod_Rewrite
RewriteEngine on
RewriteCond %{REQUEST_METHOD} !^(GET|POST|HEAD)$
RewriteRule .* - [F]
RewriteEngine on
ReWriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
ReWriteRule .* - [F]
this needs to be put on the
Posts
