July 9th, 2018 01:00

idrac 5 vulnerabilities

Hi,

I have DRAC5 in our environment and multiple vulnerabilities have been reported for it.

Below is the vulnerability list:

1. OpenSSH "X11UseLocalhost" X11 Forwarding Session Hijacking Vulnerability

2. Apache HTTPD: error responses can expose cookies (CVE-2012-0053)

3. OpenSSL SSL/TLS MITM vulnerability (CVE-2014-0224)

4. X.509 Server Certificate Is Invalid/Expired

5. TLS/SSL Server Supports DES and IDEA Cipher Suites

6. Untrusted TLS/SSL server X.509 certificate

7. TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32)

8. MD5-based Signature in TLS/SSL Server X.509 Certificate

9. TLS/SSL Server is enabling the POODLE attack

etc.

Can you please suggest a solution to fix these vulnerabilities?

Regards,

AB

Moderator

July 9th, 2018 07:00

Ankushborse,

The vulnerabilities you referenced have been addressed or corrected through firmware over the course of time. This is because they weren't discovered at the same time, and also because for some of these we determined there was no actual vulnerability. The fixes have been done through updates, so the best thing to do is to make sure that the server is up to date on BIOS, as well as DRAC 5 updates.

August 21st, 2018 13:00

Is the Idrac 5 still supported by Dell?
