
Vulnerable HTTP Servers
The scan engine checks the Web server type against known vulnerable servers
and finds a match.
Some versions of httpd (notably NCSA v1.5 and earlier, and Apache 1.0.3) may
have vulnerabilities that allow an intruder to execute commands remotely. This
option checks for an HTTP (WWW) server on each host. If the server is found, the
scanner reports the version that is running.
Risk: High
Fix: Update to newest version of httpd, which is NCSA 1.5 or Apache 1.0.3. Make
sure that httpd is configured to run as nobody instead of root. If possible,
chroot http to a restricted file area.
Advisories: