- Nikto v2.1.6/2.1.5
+ Target Host: space.sbm.itb.ac.id
+ Target Port: 443
+ GET The anti-clickjacking X-Frame-Options header is not present.
+ GET The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ GET The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
+ GET The site uses SSL and Expect-CT header is not present.
+ GET The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ OSVDB-3268: GET /public/: Directory indexing found.
+ GET /public: Server is using a wildcard certificate: *.sbm.itb.ac.id
+ GET The Content-Encoding header is set to "deflate" this may mean that the server is vulnerable to the BREACH attack.
+ HEAD /public: Apache/2.4.18 appears to be outdated (current is at least Apache/2.4.37). Apache 2.2.34 is the EOL for the 2.x branch.
+ OPTIONS Allowed HTTP Methods: GET, HEAD, POST, OPTIONS
+ OSVDB-3268: GET /public/./: Directory indexing found.
+ GET /public/./: Appending '/./' to a directory allows indexing
+ OSVDB-3268: GET /public//: Directory indexing found.
+ GET /public//: Apache on Red Hat Linux release 9 reveals the root directory listing by default if there is no index page.
+ OSVDB-3268: GET /public/%2e/: Directory indexing found.
+ OSVDB-576: GET /public/%2e/: Weblogic allows source code or directory listing, upgrade to v6.0 SP1 or higher. BID-2513.
+ OSVDB-3268: GET /public///: Directory indexing found.
+ OSVDB-119: GET /public/?PageServices: The remote server may allow directory listings through Web Publisher by forcing the server to show all files via 'open directory browsing'. Web Publisher should be disabled. CVE-1999-0269.
+ OSVDB-119: GET /public/?wp-cs-dump: The remote server may allow directory listings through Web Publisher by forcing the server to show all files via 'open directory browsing'. Web Publisher should be disabled. CVE-1999-0269.
+ OSVDB-3268: GET /public///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////: Directory indexing found.
+ OSVDB-3288: GET /public///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////: Abyss 1.03 reveals directory listing when /'s are requested.