- Nikto v2.1.6/2.1.5 + Target Host: rsud.sumedangkab.go.id + Target Port: 80 + GET Retrieved x-powered-by header: PHP/5.6.3 + GET The anti-clickjacking X-Frame-Options header is not present. + GET The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS + GET The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type + GET Entry '/administrator/' in robots.txt returned a non-forbidden or redirect HTTP code (200) + GET Entry '/bin/' in robots.txt returned a non-forbidden or redirect HTTP code (200) + GET Entry '/cache/' in robots.txt returned a non-forbidden or redirect HTTP code (200) + GET Entry '/cli/' in robots.txt returned a non-forbidden or redirect HTTP code (200) + GET Entry '/components/' in robots.txt returned a non-forbidden or redirect HTTP code (200) + GET Entry '/includes/' in robots.txt returned a non-forbidden or redirect HTTP code (200) + GET Entry '/language/' in robots.txt returned a non-forbidden or redirect HTTP code (200) + GET Entry '/layouts/' in robots.txt returned a non-forbidden or redirect HTTP code (200) + GET Entry '/libraries/' in robots.txt returned a non-forbidden or redirect HTTP code (200) + GET Entry '/modules/' in robots.txt returned a non-forbidden or redirect HTTP code (200) + GET Entry '/plugins/' in robots.txt returned a non-forbidden or redirect HTTP code (200) + GET Entry '/tmp/' in robots.txt returned a non-forbidden or redirect HTTP code (200) + GET "robots.txt" contains 14 entries which should be manually viewed. + GET Apache mod_negotiation is enabled with MultiViews, which allows attackers to easily brute force file names. See http://www.wisec.it/sectou.php?id=4698ebdc59d15. The following alternatives for 'index' were found: HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var + GET Multiple index files found: /index.html, /index.php + HEAD Apache/2.4.10 appears to be outdated (current is at least Apache/2.4.37). Apache 2.2.34 is the EOL for the 2.x branch. + HEAD OpenSSL/1.0.1i appears to be outdated (current is at least 1.1.1). OpenSSL 1.0.0o and 0.9.8zc are also current. + HEAD PHP/5.6.3 appears to be outdated (current is at least 7.2.12). PHP 5.6.33, 7.0.27, 7.1.13, 7.2.1 may also current release for each branch. + YRNRRSKL Web Server returns a valid response with junk HTTP methods, this may cause false positives. + OSVDB-877: TRACE HTTP TRACE method is active, suggesting the host is vulnerable to XST