Nikto2 web server assessment

I decided to run a vulnerability scan on my fully patched CentOS 5.2 rubyninja.net Apache web server using Nikto and learned quite a bit from the vulnerabilities it found.

1st vulnerability found:
My webalizer statistics were being displayed without any restriction.
Fix: Enable .htaccess password protection and limit access to local IP addresses.

2nd vulnerability found:
PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings. (index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000)
Fix: Set expose_php = Off in /etc/php.ini

3rd vulnerability found:
Apache default manual webpages were publicly accessible.
Fix: edit /etc/httpd/conf.d/manual.conf

4th vulnerability found:
HTTP TRACE method is active, suggesting the host is vulnerable to XST.
Fix: Out of all the vulnerabilities found, this one was the most interesting. Apparently the TRACE HTTP request method can be used by a malicious application to trick a web browser into issuing a TRACE request against an arbitrary site and then sending the TRACE response to a third party using web browser features. To fix this issue, I just had to add the following entry to httpd.conf: TraceEnable off

This article fully explains the issue: http://www.ducea.com/2007/10/22/apache-tips-disable-the-http-trace-method/
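As an added example (not part of the original post, and not Nikto's code), the script below checks the four fixes described above against configuration text, so a change can be verified before and after editing. The sample httpd.conf, manual.conf, php.ini and TRACE response texts are constructed; the helper names (audit_httpd, audit_php_ini, trace_blocked), the /var/www/usage statistics path and the "comment out the /manual Alias" way of closing the manual pages are assumptions, not details from the post.

```python
"""Audit the four Nikto findings from the post against config text (added example)."""
import re

# --- constructed samples: the weak settings next to the corrected ones ---
HTTPD_CONF_BEFORE = """\
ServerRoot "/etc/httpd"
Alias /webalizer /var/www/usage
<Directory /var/www/usage>
    Options None
    Order allow,deny
    Allow from all
</Directory>
"""
HTTPD_CONF_AFTER = """\
ServerRoot "/etc/httpd"
TraceEnable off
Alias /webalizer /var/www/usage
<Directory /var/www/usage>
    Options None
    AuthType Basic
    AuthName "Statistics"
    AuthUserFile /etc/httpd/.htpasswd
    Require valid-user
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Directory>
"""
MANUAL_CONF_BEFORE = 'Alias /manual "/var/www/manual"\n'
MANUAL_CONF_AFTER = '# Alias /manual "/var/www/manual"\n'   # assumed fix: alias commented out
PHP_INI_BEFORE = "; php.ini\nexpose_php = On\n"
PHP_INI_AFTER = "; php.ini\n;expose_php = On\nexpose_php = Off\n"
# Constructed responses to a TRACE request against the server's own host
TRACE_RESPONSE_BEFORE = ("HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\n"
                         "TRACE / HTTP/1.1\r\nHost: www.example.com\r\n")
TRACE_RESPONSE_AFTER = "HTTP/1.1 405 Method Not Allowed\r\nAllow: GET,HEAD,POST,OPTIONS\r\n\r\n"


def _directives(text):
    """Yield (name, value) for each uncommented directive line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", ";")):
            continue
        parts = line.split(None, 1)
        yield parts[0], (parts[1] if len(parts) > 1 else "")


def _directory_block(text, path):
    """Return the text inside <Directory path> ... </Directory>, or '' if absent."""
    m = re.search(r'<Directory\s+"?%s"?\s*>(.*?)</Directory>' % re.escape(path), text, re.S | re.I)
    return m.group(1) if m else ""


def audit_httpd(text, stats_dir="/var/www/usage"):
    """Map each Apache-side finding to True when the configuration is hardened."""
    top = {n.lower(): v for n, v in _directives(text) if not n.startswith("<")}
    block = list(_directives(_directory_block(text, stats_dir)))
    names = [n.lower() for n, _ in block]
    return {
        "trace_disabled": top.get("traceenable", "").strip().lower() == "off",
        # password protection: an auth scheme plus a Require rule in the stats directory
        "stats_password": "authtype" in names and "require" in names,
        # IP restriction: a Deny present and an Allow that is not "from all"
        "stats_ip_restricted": "deny" in names and any(
            n.lower() == "allow" and v.lower() != "from all" for n, v in block),
        # manual pages are exposed while an uncommented Alias /manual exists
        "manual_exposed": any(n.lower() == "alias" and v.split()[:1] == ["/manual"]
                              for n, v in _directives(text)),
    }


def audit_php_ini(text):
    """True when the last uncommented expose_php setting is Off (PHP defaults to On)."""
    setting = None
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(";") and "=" in line:
            key, _, value = line.partition("=")
            if key.strip().lower() == "expose_php":
                setting = value.strip().lower()
    return setting == "off"


def trace_blocked(response):
    """True when a TRACE response refuses the method instead of echoing the request."""
    status_line, _, rest = response.partition("\r\n")
    status = int(status_line.split()[1])
    headers, _, body = rest.partition("\r\n\r\n")
    reflected = "message/http" in headers.lower() or body.startswith("TRACE ")
    return status >= 400 and not reflected


if __name__ == "__main__":
    for label, conf, manual, ini, resp in (
            ("before", HTTPD_CONF_BEFORE, MANUAL_CONF_BEFORE, PHP_INI_BEFORE, TRACE_RESPONSE_BEFORE),
            ("after", HTTPD_CONF_AFTER, MANUAL_CONF_AFTER, PHP_INI_AFTER, TRACE_RESPONSE_AFTER)):
        print(label, audit_httpd(conf + manual), "expose_php off:", audit_php_ini(ini),
              "TRACE blocked:", trace_blocked(resp))
```

Run it as-is to see the "before" and "after" reports side by side; to audit a real server, read /etc/httpd/conf/httpd.conf, the conf.d files and /etc/php.ini into the same functions. The TRACE check looks at a response you capture yourself (for example with curl -X TRACE against your own host): a 405 with no echoed request is the expected result after TraceEnable off takes effect.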

I still need to read the full Nikto documentation to check out all of its features, but I already think this is a really good tool for any Apache administrator.
http://cirt.net/nikto2
