Help needed to fix the security issues found with Nikto on Ubuntu Server 12.10



What can be done to mitigate the security issues Nikto found on all of our Ubuntu 12.10 servers?

  1. OSVDB-2799: /cgi-915/dose.pl?daily&somefile.txt&|ls|: DailyDose 1.1 is vulnerable to a directory traversal attack in the 'list' parameter.

  2. OSVDB-3233: /icons/README: Apache default file found.

  3. /modules.php?op=modload&name=FAQ&file=index&myfaq=yes&id_cat=1&categories=%3Cimg%20src=javascript:alert(9456);%3E&parent_id=0: PostNuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). cert.org/advisories/CA-2000-02.html

  4. This one seems odd to me, since we don't use the Web Wiz forum script (can I assume it is just a false positive???!!!???):

    • OSVDB-4598: /members.asp?SF=%22;}alert('Vulnerable');function%20x(){v%20=%22: Web Wiz Forums ver. 7.01 and earlier are vulnerable to Cross Site Scripting (XSS). cert.org/advisories/CA-2000-02.html

  5. OSVDB-27071: /phpimageview.php?pic=javascript:alert(8754): PHP Image View 1.0 is vulnerable to Cross Site Scripting (XSS). cert.org/advisories/CA-2000-02.html

Thanks!


By definition, Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

So, your issue(s) here are in your web server (Apache).

Since I won't be able to give you a detailed answer, as I'm not a specialist :), here are some guidelines:

1- Make sure your server has the latest security updates and the latest Apache Server version, as later versions tend to fix all identified vulnerabilities.

2- Run Nikto after the update and check whether some or all of the identified issues have been resolved.

3- Check this link for details on Cross Site Scripting, which covers all the related detections: http://en.wikipedia.org/wiki/Cross-site_scripting

4- For issues #1 and #2, refer to the official Apache Security Tips: http://httpd.apache.org/docs/2.2/misc/security_tips.html

5- Run Nikto again, and periodically afterwards.

You may find other helpful articles if you google "Securing Apache Server", but I prefer the official documentation myself.

Hope this helps you solve your issues.
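As an added example (not code from the question or the answer above), here is a small triage script for findings like the five listed in the question: it parses Nikto's one-line output, drops the probe query string, and checks whether the flagged script actually exists under the DocumentRoot (or under Apache's aliased icons directory), which is how to separate a real default file such as /icons/README from hits for applications the server does not run, like the Web Wiz ASP forum asked about in item 4. The sample findings are constructed from the question, and the icons path /usr/share/apache2/icons is assumed to be Ubuntu's default Alias target.

```python
import os
import re
import tempfile

# Constructed sample input: the five findings from the question, in the
# one-line "+ ..." form Nikto prints them.
NIKTO_FINDINGS = [
    "+ OSVDB-2799: /cgi-915/dose.pl?daily&somefile.txt&|ls|: DailyDose 1.1 is "
    "vulnerable to a directory traversal attack in the 'list' parameter.",
    "+ OSVDB-3233: /icons/README: Apache default file found.",
    "+ /modules.php?op=modload&name=FAQ&file=index&myfaq=yes&id_cat=1&categories="
    "%3Cimg%20src=javascript:alert(9456);%3E&parent_id=0: PostNuke 0.7.2.3-Phoenix "
    "is vulnerable to Cross Site Scripting (XSS).",
    "+ OSVDB-4598: /members.asp?SF=%22;}alert('Vulnerable');function%20x(){v%20=%22: "
    "Web Wiz Forums ver. 7.01 and earlier are vulnerable to Cross Site Scripting (XSS).",
    "+ OSVDB-27071: /phpimageview.php?pic=javascript:alert(8754): PHP Image View 1.0 "
    "is vulnerable to Cross Site Scripting (XSS).",
]
# "+ [OSVDB-nnnn: ]/path[?query]: description"; the path has no spaces, so the first ": " ends it.
FINDING_RE = re.compile(r"^\+ (?:(?P<osvdb>OSVDB-\d+): )?(?P<path>/\S*?): (?P<desc>.*)$")

def locate(url_path, docroot, icons_dir):
    """Map a flagged URL to a file on disk; the query string is Nikto's probe, not the script."""
    script = url_path.split("?", 1)[0]
    if script.startswith("/icons/"):  # served via Apache's "Alias /icons/", outside the DocumentRoot
        return script, os.path.join(icons_dir, script[len("/icons/"):])
    return script, os.path.join(docroot, script.lstrip("/"))

def triage(lines, docroot, icons_dir="/usr/share/apache2/icons"):
    """Return (osvdb, script, verdict) per finding; icons_dir is Ubuntu's default Alias target (assumed)."""
    results = []
    for m in filter(None, map(FINDING_RE.match, lines)):
        script, on_disk = locate(m.group("path"), docroot, icons_dir)
        if os.path.isfile(on_disk):
            verdict = "present on disk: real finding, remove it or restrict access"
        elif script.lower().endswith(".asp"):
            verdict = "likely false positive: ASP page not on disk and Apache has no ASP handler"
        else:
            verdict = "not on disk: likely false positive, check that unknown paths return 404"
        results.append((m.group("osvdb") or "no-OSVDB", script, verdict))
    return results

def demo():
    """Run against a throwaway layout: empty DocumentRoot, icons dir holding only README."""
    with tempfile.TemporaryDirectory() as tmp:
        icons = os.path.join(tmp, "icons")
        os.makedirs(icons)
        with open(os.path.join(icons, "README"), "w") as fh:
            fh.write("Apache icons\n")  # stands in for the real /icons/README
        return triage(NIKTO_FINDINGS, tmp, icons)
```

On a real server, point `triage` at the actual DocumentRoot instead of the throwaway directory; a finding that is "not on disk" on a site that answers 200 for every unknown path is the usual cause of this kind of false positive.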