I've been playing with nikto and I see some vulnerabilities listed in the scan for my dev server. For example, I see osvdb-XXXX
, with a short description after it. I am googling this string, osvdb-XXXX
and I am getting very little useful information back. Even when I go straight to osvdb.org I am absolutely perplexed that a browseable database does not exist here.
Some of the short descriptions next to the vulnerabilities detected by the scan are helpful, while others are cryptic. How can I research what vulnerability is being found by nikto?
Edit
I took the liberty of emailing the address I found on the osvdb blog site. They responded simply with The database is currently not available.
So I'll amend my question to say is there anywhere other than the osvdb site where I can find information about what nikto is telling me?
Further response from open security foundation
There is a blog post coming with more detail, but do not plan to see it
return. @osvdb on Twitter for announcements.