40 Posts

July 2nd, 2019 02:00

Vulnerability - 11827 :: HTTP Security Header Not Detected

Hi all,

Hopefully you can help me with the below vulnerability.

The iDRAC versions are 7 and 8, with firmware versions 2.60 and 2.50 respectively.

11827 :: HTTP Security Header Not Detected. We have been flagged for this vulnerability on Qualys Guard scans; could you please advise how we should proceed to fix this?

IPv4 :: 10.x.x.x:5900 (tcp) :: INTERNAL 11827 :: HTTP Security Header Not Detected
IPv4 :: 10.x.x.x:5900 (tcp) :: INTERNAL 11827 :: HTTP Security Header Not Detected

Please note that the IP addresses are the iDRAC IP addresses and port 5900 is used to launch the virtual console.

Thank you

4 Operator

2.9K Posts

July 2nd, 2019 07:00

Hello,

The latest iDRAC update, 2.63.60.62, included some changes for security. You might consider updating and seeing if the vulnerability you're seeing is resolved.

40 Posts

July 10th, 2019 04:00

I've checked the iDRAC release notes, but I can't find anything about this security vulnerability, so I am not sure if it is included or not.

July 17th, 2019 09:00

Nintrix,

This feature is currently available in the latest iDRAC9 release. The fix for iDRAC8 will be coming later this fall; the version we are targeting is 2.70.70.70.

Hope this helps --

Doug

Doug Iler

iDRAC Product Manager

Dell EMC

1 Rookie

24 Posts

August 19th, 2019 15:00

Are there beta releases of these newer iDRAC 8 releases for non-production server testing?

September 9th, 2019 11:00

Sorry, but no. Target release date is mid October.

1 Message

October 7th, 2019 03:00

I upgraded iDRAC7 to 2.63.60.62 and ran a Qualys scan; 11827 is still present and is not remediated as stated.

1 Rookie

6 Posts

March 1st, 2020 11:00

Please fix the fan speed issue introduced in 2.70.70.70 or the UEFI3015 hit error if it is rolled back to a version prior that doesn't have that speed issue. The 100% increase in noise is driving my client nuts. If I roll back the version the noise goes back to normal but the servers get the hit UEFI0315 error, hit to continue. Rolling the BIOS back from 2.81 doesn't change anything either.

I've advised them to seek legal action against Dell if they feel they can't get this resolved otherwise. They are aware of Dell's position on non-certified drives but they consider the near doubling of fan speeds and subsequent noise increase to be harassment for not buying Dell products, and a violation of good-faith, consumer protection, and Anti-Trust laws. E.g., Honda, Toyota etc. can't tell a car owner that unless they use Honda, Toyota certified car washes and waxes, etc., that if the paint fails it is the owner's problem. I am told that would be an anti-trust and consumer protection act violation. Just fix whatever is broken in 2.70.70.70.

March 1st, 2020 13:00

@Kent100 

Kent - I do understand that fan noise can be an issue. But in order to fully understand the situation, I will need a lot more details. Please have your client open up a ticket with Tech Support. This will provide us with the details necessary to assist.

Please contact me directly at doug_iler@dell.com.

thanks - 

Doug Iler

iDRAC Product Manager

Dell EMC 
