Forums Drupal

nikto results for Drupal install


 
kahem 22 post(s)

Hi all,

I did a quick nikto scan of the Drupal install and found the following directories enabled. How can I disable them?

How can I disable the TRACE method?

Other security issues I encountered are:
Session never expires
Autocomplete is enabled

Default files accessible as below:

/install.php
/index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
/install/install.php
/INSTALL.txt
/CHANGELOG.txt
/robots.txt
/xmlrpc.php
/UPGRADE.txt

TRACE enabled.

 
kahem 22 post(s)

I have manually gone and changed permissions for these pages.
But TRACE? And other unnecessary HTTP methods enabled?
Session expiration?

How do I deal with those?

 
antonio Administrator 487 post(s)

Hi kahem,

We didn’t know about this utility; we’ll try to fix all these issues in future releases. In the meantime, you can disable the Trace method by appending

TraceEnabled off

to the apache2/conf/httpd.conf file.

Cheers
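To confirm the changes discussed in this thread took effect on your own server, the nikto findings can be re-checked with a short script. This is an added example, not part of the original posts or of the Drupal stack; the names `audit` and `http_status` are hypothetical, and it assumes plain HTTP on port 80 with the host name given on the command line.

```python
import http.client
import sys

# Default files listed in the nikto output quoted in the first post.
DEFAULT_FILES = ["/install.php", "/install/install.php", "/INSTALL.txt",
                 "/CHANGELOG.txt", "/UPGRADE.txt", "/xmlrpc.php", "/robots.txt"]


def http_status(host, port=80):
    """Build a fetch(method, path) -> HTTP status function for one server."""
    def fetch(method, path):
        conn = http.client.HTTPConnection(host, port, timeout=10)
        try:
            conn.request(method, path)
            return conn.getresponse().status
        finally:
            conn.close()
    return fetch


def audit(fetch, paths=DEFAULT_FILES):
    """Return the findings that are still open, in a fixed order."""
    findings = []
    # With "TraceEnabled off", Apache answers TRACE with 405 instead of 200.
    if fetch("TRACE", "/") == 200:
        findings.append("TRACE enabled")
    # Only a direct 200 counts as accessible; 403/404 and redirects do not.
    for path in paths:
        if fetch("GET", path) == 200:
            findings.append("accessible: " + path)
    return findings


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("usage: recheck.py HOST   (run it against your own server)")
    else:
        open_findings = audit(http_status(sys.argv[1]))
        print("\n".join(open_findings) or "no open findings")
        sys.exit(1 if open_findings else 0)
```

The exit status is non-zero while any finding remains, so the script can gate a deployment check.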
