nikto is a website scanner found on Top 10 Web Vulnerability Scanners that can be run with

nikto.pl -host chesstst.eecs.berkeley.edu

False Positives

mod_ssl version

mod_ssl/2.2.10 appears to be outdated (current is at least 2.8.31) (may depend on server version)
Yep, 2.2.10 corresponds with the Apache version, so this is not a problem.

Problems that were fixed

mod_jk version


mod_jk/1.2.25 appears to be outdated (current is at least 1.2.26)

Actually, the current is 1.2.27.

The fix was to upgrade mod_jk, see Installing Tomkat
We had a problem with blank pages, see JSP pages not found

Problems with scripting in non-existent URLS

http://chesstst.eecs.berkeley.edu/xxx/%3Cscript%3Ealert(%27Vulnerable%27)%3C/script%3E brings up an alert box.

The fix is to modify the php files that generate the file unknown page. Each website has a separate file, see www/php/chess.eecs.berkeley.edu/layout/html.inc. php.

TRACE

OSVDB-877: TRACE / : TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details

See Secure Apache

The main idea is to add the following to /usr/local/apache/conf/rewrite.conf:

 # Block TRACE/TRACK XSS vector
 RewriteEngine On
 RewriteCond %{REQUEST_METHOD} ^TRAC(E|K)
 RewriteRule .* - [F]

and then run /etc/init.d/apachectl graceful