Help

Systems Management General

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Last reply by 03-01-2020 Unsolved
Start a Discussion
2 Jasper
2 Jasper
6273
‎07-02-2019 04:28 AM

Vulnerability - 11827 :: HTTP Security Header Not Detected

Hi all,

Hopefully you can help me with below vulnerability.

The IDRAC versions are 7 and 8 with the firmware version 2.60 and 2.50 respectively.

11827 :: HTTP Security Header Not Detected . We have been flagged for this vulnerability on Qualys Guard scans, could you please advise how we should proceed to fix this.

IPv4 :: 10.x.x.x:5900 (tcp) :: INTERNAL 11827 :: HTTP Security Header Not Detected
IPv4 :: 10.x.x.x:5900 (tcp) :: INTERNAL 11827 :: HTTP Security Header Not Detected

Please note that the ip addresses are the IDRAC ip addresses and the port 5900 is to launch the virtual console.

Thank you

 

0 Kudos
Accept as Solution
Replies (8)
MOD
MOD
6258
‎07-02-2019 09:18 AM

Hello,

The latest iDRAC update, 2.63.60.62, included some changes for security. You might consider updating and seeing if the vulnerability you're seeing is resolved.

#Iwork4Dell
0 Kudos
Accept as Solution
2 Jasper
2 Jasper
In response to Dell-DylanJ
6177
‎07-10-2019 06:16 AM

I've checked the idrac release notes but I can't find anything about this security vulnerability so I am not sure if it is included or not.

0 Kudos
Accept as Solution
2 Bronze
2 Bronze
In response to Dell-DylanJ
5200
‎10-07-2019 05:23 AM

I upgraded IDRAC7 to 2.63.60.62 and ran qualys scan, 11827 is still present and is not remediated as stated

0 Kudos
Accept as Solution
2 Bronze
2 Bronze
6103
‎07-17-2019 11:33 AM

Nintrix,

This feature is currently available in the latest iDRAC9 release.   The fix for iDRAC8 will be coming later this fall; the version we are targeting is 2.70.70.70

Hope this helps --

Doug

Doug Iler

iDRAC Product Manager

Dell EMC

Accept as Solution
2 Bronze
2 Bronze
In response to DELL-Doug I
5837
‎08-19-2019 05:29 PM

Are their beta releases of these newer iDRAC 8 releases for non-production server testing?

 

 

0 Kudos
Accept as Solution
2 Bronze
2 Bronze
In response to McNeill.Daniel
5634
‎09-09-2019 01:11 PM

Sorry, but no.  Target release date is mid October. 

Accept as Solution
2 Bronze
2 Bronze
In response to DELL-Doug I
4391
‎03-01-2020 01:52 PM

Please fix the fan speed issue introduced in 2.70.70.70 or the UEFI3015 hit <F1> error if it is rolled back to a version prior that doesn't have that speed issue. The 100% increase in noise is driving my client nuts.  If I rollback the version the noise goes back to normal but the servers get the hit UEFI0315 error, hit <F1> to continue. Rolling the bios back from 2.81 doesn't change anything either, 

I've advised them to seek legal action against Dell if they feel they can't get this resolved otherwise. They are aware of Dell's position on non-certified drives but they consider the near doubling of fan speeds and subsequent noise increase to be harassment for not buying Dell products, and a violation of both good-faith, consumer protection, and Anti-Trust laws. E.g., Honda, Toyota etc can't tell a car owner that unless they use Honda, Toyota certified car washes and waxes, etc., that if the paint fails it is the owner's problem. I am told that would be an anti-trust and consumer protection act violation.  Just fix whatever that is broken in 2.70.70.70

0 Kudos
Accept as Solution
2 Bronze
2 Bronze
In response to Kent100
4384
‎03-01-2020 03:35 PM

@Kent100 

Kent - I do understand that fan noise can be an issue.  But in order to fully understand the situation, I will need a lot more details.  Please have your client open up a ticket with Tech Support.  This will provide us with the details necessary to assist.  

Please contact me directly at doug_iler@dell.com.

thanks - 

Doug Iler

iDRAC Product Manager

Dell EMC 

0 Kudos
Accept as Solution
Latest Solutions
Load more
See More
Top Contributor