Scan report for "bungie.org"

Nikto scan (max 60 sec) (nikto -host bungie.org -maxtime 60)
- Nikto v2.5.0
---------------------------------------------------------------------------
+ Target IP:          208.52.191.252
+ Target Hostname:    bungie.org
+ Target Port:        80
+ Start Time:         2024-05-27 17:01:34 (GMT-4)
---------------------------------------------------------------------------
+ Server: Apache/2.2.29 (Unix) DAV/2 PHP/5.3.29 mod_ssl/2.2.29 OpenSSL/0.9.8zg
+ /: Retrieved x-powered-by header: PHP/5.3.29.
+ /: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/
+ /index: Uncommon header 'tcn' found, with contents: list.
+ /index: Apache mod_negotiation is enabled with MultiViews, which allows attackers to easily brute force file names. The following alternatives for 'index' were found: index.html. See: http://www.wisec.it/sectou.php?id=4698ebdc59d15,https://exchange.xforce.ibmcloud.com/vulnerabilities/8275
+ PHP/5.3.29 appears to be outdated (current is at least 8.3.0).
+ mod_ssl/2.2.29 appears to be outdated (current is at least 2.9.6) (may depend on server version).
+ OpenSSL/0.9.8zg appears to be outdated (current is at least 3.2.0). OpenSSL 1.1.1w is current for 1.x and is supported via contract, and 3.0.12 for 3.0.x, and 3.1.4 for 3.1.x.
+ Apache/2.2.29 appears to be outdated (current is at least 2.4.58). Apache 2.2.34 is the EOL for the 2.x branch.
+ /: Web Server returns a valid response with junk HTTP methods which may cause false positives.
+ mod_ssl/2.2.29 OpenSSL/0.9.8zg - mod_ssl 2.8.7 and lower are vulnerable to a remote buffer overflow which may allow a remote shell.
+ PHP/5.3 - PHP 3/4/5 and 7.0 are End of Life products without support.
+ /test: Server may leak inodes via ETags, header found with file /test, inode: aa171, size: 6c5fa, mtime: 4084921b53080;5be4d4a212a40. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1418
+ /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings. See: OSVDB-12184
+ /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings. See: OSVDB-12184
+ /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings. See: OSVDB-12184
+ /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings. See: OSVDB-12184
+ /archives/: This might be interesting.
+ Scan terminated: 0 error(s) and 17 item(s) reported on remote host
+ End Time:           2024-05-27 17:02:35 (GMT-4) (61 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
Target: bungie.org
Scan method: Nikto scan (max 60 sec)
Run command: nikto -host bungie.org -maxtime 60
Scan time: 61s
Scan date: 27 May 2024 17:02
Total scans: About 3 times
Some firewalls block Nikto. To get true positive results, add the nikto.online IP addresses (172.96.166.66-172.96.166.70 or CIDR 172.96.166.64/29) to the whitelist.