I tested my own airdcppd (v0.16.2) with the nikto security scanner. The result:
nikto -host localhost -port 5601
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP: 192.168.0.11
+ Target Hostname: ssn
+ Target Port: 5601
---------------------------------------------------------------------------
+ SSL Info: Subject: /CN=JHDMTUBCXBHPDEIYGG5EGQSUTKXFMNIU5EUBU4Y/O=DCPlusPlus (OSS/SelfSigned)
Ciphers: ECDHE-RSA-AES256-GCM-SHA384
Issuer: /CN=JHDMTUBCXBHPDEIYGG5EGQSUTKXFMNIU5EUBU4Y/O=DCPlusPlus (OSS/SelfSigned)
+ Start Time: 2016-02-09 11:56:56 (GMT1)
---------------------------------------------------------------------------
+ Server: WebSocket++/0.3.0
+ The anti-clickjacking X-Frame-Options header is not present.
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Hostname 'ssn' does not match certificate's CN 'JHDMTUBCXBHPDEIYGG5EGQSUTKXFMNIU5EUBU4Y/O=DCPlusPlus'
+ DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
+ /../../../../../../../../../../etc/passwd: It is possible to read files on the server by adding ../ in front of file name.
+ OSVDB-3092: /js: This might be interesting...
+ OSVDB-3133: ////////../../../../../../etc/passwd: Xerox WorkCentre allows any file to be retrieved remotely.
+ 6545 items checked: 0 error(s) and 6 item(s) reported on remote host
+ End Time: 2016-02-09 11:57:54 (GMT1) (58 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
The most interesting line is:
+ /../../../../../../../../../../etc/passwd: It is possible to read files on the server by adding ../ in front of file name.
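A containment check of the kind that rejects the two `../` request paths nikto reported, as an added example that is not part of the original post and is not airdcpp's code. The function name `resolve_under_root` and the web root `/srv/web` are hypothetical, and the request path is assumed to have been percent-decoded exactly once before the call.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical helper (not airdcpp code): maps a decoded request path to a
// file path below web_root. Returns false, leaving `out` untouched, when the
// path would climb above web_root. Symlinks inside web_root are not resolved
// here; a server that allows them needs a realpath() comparison as well.
bool resolve_under_root(const std::string& web_root,
                        const std::string& request_path,
                        std::string& out) {
    std::vector<std::string> parts;
    std::string seg;
    const std::string p = request_path + "/";  // sentinel flushes last segment
    for (std::size_t i = 0; i < p.size(); ++i) {
        const char c = p[i];
        if (c == '\0' || c == '\\') return false;  // NUL or backslash: refuse
        if (c != '/') { seg += c; continue; }
        if (seg == "..") {
            if (parts.empty()) return false;       // would leave web_root
            parts.pop_back();
        } else if (!seg.empty() && seg != ".") {   // skip "//" and "/./"
            parts.push_back(seg);
        }
        seg.clear();
    }
    std::string result = web_root;
    for (std::size_t i = 0; i < parts.size(); ++i) result += "/" + parts[i];
    out = result;
    return true;
}

int main() {
    // The two request paths from the nikto output above, plus a normal one.
    const char* samples[] = {
        "/../../../../../../../../../../etc/passwd",
        "////////../../../../../../etc/passwd",
        "/js/app.js",
    };
    for (std::size_t i = 0; i < 3; ++i) {
        std::string file;
        if (resolve_under_root("/srv/web", samples[i], file))
            std::cout << samples[i] << " -> " << file << "\n";
        else
            std::cout << samples[i] << " -> rejected (400)\n";
    }
    return 0;
}
```
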