Web Servers report

This report categorizes the web servers in your organization by their role and type.

Why it matters

You might have a corporate standard that specifies which web servers are sanctioned for use in your environment. This information helps you identify non-standard web server types.

The most sensitive of your web applications are those installed on servers that are listening on uncommon ports. When undertaking a security assessment, it is essential that you analyze all exposed HTTPS servers and applications. This report identifies those servers listening on common and uncommon ports.

How web servers are triggered

The scan searches for these server roles: HTTP, HTTPS, HTTP application, and HTTPS application. Within each of these roles, the scan distinguishes between these web server types:
  • AOL Server
  • Apache
  • Apache Stronghold
  • HTTP Server
  • Lotus® Domino®
  • Microsoft IIS
  • Netscape Enterprise
  • Oracle Web Listener
  • SunONE WebServer
  • SunOS FTPD
  • WS_FTP
  • ProFTPD
  • Serv-U
  • WFTPD
  • War FTPD
  • GuildFTPd
Note: If there is no match to the list of web servers the scan searches for, or if there are multiple matches to different web server types, then the type is considered Undetermined.

The scan also finds the following application server types:

  • Allaire JRun
  • Apache Tomcat
  • BEA WebLogic
  • ColdFusion
  • Generic Java App Server
  • IBM® WebSphere®
  • Pre-Hyper Text Pre-Processor
  • Resin Java Servlet container