Security vulnerabilities

TonyLeverett · March 17, 2025, 10:14am

Having just updated to Bookworm and fully-updated the PIAware installation, I’ve used one of the Kali tools to check for vulnerabilities - the results are as follows:

Nikto v2.5.0

Target IP: 192.168.x.x
Target Hostname: 192.168.x.x
Target Port: 80
Start Time: 2025-03-17 09:58:55 (GMT0)

Server: lighttpd/1.4.69
/: The anti-clickjacking X-Frame-Options header is not present. See: X-Frame-Options - HTTP | MDN
/: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/
No CGI Directories found (use ‘-C all’ to force check all possible dirs)
OPTIONS: Allowed HTTP Methods: OPTIONS, GET, HEAD, POST .
/%2e/: Weblogic allows source code or directory listing, upgrade to v6.0 SP1 or higher. http://www.securityfocus.com/bid/2513. See: http://www.securityfocus.com/bid/2513
/%2f/: Weblogic allows source code or directory listing, upgrade to v6.0 SP1 or higher. http://www.securityfocus.com/bid/2513. See: http://www.securityfocus.com/bid/2513
/#wp-config.php#: #wp-config.php# file found. This file contains the credentials.
8103 requests: 0 error(s) and 6 item(s) reported on remote host
End Time: 2025-03-17 09:59:34 (GMT0) (39 seconds)

1 host(s) tested

foxhunter · March 17, 2025, 1:49pm

You are having obviously wordpress installed (referencing to existing wp-config.php). This has nothing to do with Piaware or any other flight feeder

TonyLeverett · March 17, 2025, 1:54pm

No, I don’t have WordPress installed - the image I’m running is the Bookworm image from the F/A site, flashed onto a microSD card, so if WordPress were refenced, it would have been in the downloaded original image.

obj · March 17, 2025, 3:08pm

These are pretty obviously false positives.

Weblogic??? There’s a name I haven’t heard in a decade ..

There’s nothing wordpress-related on the 10.0 sdcard image.

foxhunter · March 17, 2025, 3:36pm

A fresh install would be recommended. Afterwards you could check it again.
And maybe it’s worth reading this:

Bug: false positive “The X-Content-Type-Options header is not set” · Issue #770 · sullo/nikto

Topic		Replies	Views
FlightAware Incompatible With Bookworm? FlightAware	14	1194	June 12, 2023
Bookworm PiAware 10 SD Card Images Now Available for Download! ADS-B Flight Tracking	67	1605	April 21, 2025
New Bookworm Install Showing All Services Down FlightAware	5	386	February 25, 2024
Protecting the PiAware Skyview public access ADS-B Flight Tracking	12	1497	May 28, 2019
PiAware for RPi OS Bookworm ADS-B Flight Tracking	150	6063	November 1, 2024

Security vulnerabilities

Related topics