Nikto scan (max 60 sec) (nikto -host www.fumc.edu.co -maxtime 60)
- Nikto v2.5.0
---------------------------------------------------------------------------
+ Target IP: 20.232.9.141
+ Target Hostname: www.fumc.edu.co
+ Target Port: 80
+ Start Time: 2024-04-28 20:27:00 (GMT-4)
---------------------------------------------------------------------------
+ Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.28
+ Root page / redirects to: https://www.fumc.edu.co/
+ PHP/7.4.28 appears to be outdated (current is at least 8.3.0).
+ OpenSSL/1.0.2k-fips appears to be outdated (current is at least 3.2.0). OpenSSL 1.1.1w is current for 1.x and is supported via contract, and 3.0.12 for 3.0.x, and 3.1.4 for 3.1.x.
+ Apache/2.4.6 appears to be outdated (current is at least 2.4.58). Apache 2.2.34 is the EOL for the 2.x branch.
+ /: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/
+ /: HTTP TRACE method is active which suggests the host is vulnerable to XST. See: https://owasp.org/www-community/attacks/Cross_Site_Tracing
+ /phpMyAdmin/changelog.php: Retrieved x-powered-by header: PHP/7.4.28.
+ /phpMyAdmin/changelog.php:X-Frame-Options header is deprecated and has been replaced with the Content-Security-Policy HTTP header with the frame-ancestors directive instead. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+ /phpMyAdmin/changelog.php: Uncommon header 'x-ob_mode' found, with contents: 1.
+ /icons/: Directory indexing found.
+ /icons/README: Apache default file found. See: https://www.vntweb.co.uk/apache-restricting-access-to-iconsreadme/
+ Scan terminated: 0 error(s) and 10 item(s) reported on remote host
+ End Time: 2024-04-28 20:28:01 (GMT-4) (61 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested