Systems Management General

Last reply by 03-01-2020 Unsolved
6273

Vulnerability - 11827 :: HTTP Security Header Not Detected

Hi all,

Hopefully you can help me with the below vulnerability.

The IDRAC versions are 7 and 8 with the firmware version 2.60 and 2.50 respectively.

11827 :: HTTP Security Header Not Detected. We have been flagged for this vulnerability on Qualys Guard scans; could you please advise how we should proceed to fix this?

IPv4 :: 10.x.x.x:5900 (tcp) :: INTERNAL 11827 :: HTTP Security Header Not Detected
IPv4 :: 10.x.x.x:5900 (tcp) :: INTERNAL 11827 :: HTTP Security Header Not Detected

Please note that the IP addresses are the iDRAC IP addresses and port 5900 is used to launch the virtual console.

Thank you

Replies (8)
6258

Hello,

The latest iDRAC update, 2.63.60.62, included some changes for security. You might consider updating and seeing if the vulnerability you're seeing is resolved.

#Iwork4Dell
6177

I've checked the iDRAC release notes but I can't find anything about this security vulnerability, so I am not sure if it is included or not.

5200

I upgraded iDRAC7 to 2.63.60.62 and ran a Qualys scan; 11827 is still present and is not remediated as stated.

6103

Nintrix,

This feature is currently available in the latest iDRAC9 release. The fix for iDRAC8 will be coming later this fall; the version we are targeting is 2.70.70.70.

Hope this helps --

Doug

Doug Iler

iDRAC Product Manager

Dell EMC

5837

Are there beta releases of these newer iDRAC 8 releases for non-production server testing?

5634

Sorry, but no.  Target release date is mid October. 

4391

Please fix the fan speed issue introduced in 2.70.70.70 or the UEFI3015 hit <F1> error if it is rolled back to a version prior that doesn't have that speed issue. The 100% increase in noise is driving my client nuts. If I roll back the version the noise goes back to normal but the servers get the hit UEFI0315 error, hit <F1> to continue. Rolling the BIOS back from 2.81 doesn't change anything either.

I've advised them to seek legal action against Dell if they feel they can't get this resolved otherwise. They are aware of Dell's position on non-certified drives but they consider the near doubling of fan speeds and subsequent noise increase to be harassment for not buying Dell products, and a violation of both good-faith, consumer protection, and Anti-Trust laws. E.g., Honda, Toyota etc. can't tell a car owner that unless they use Honda, Toyota certified car washes and waxes, etc., that if the paint fails it is the owner's problem. I am told that would be an anti-trust and consumer protection act violation. Just fix whatever is broken in 2.70.70.70.

4384

@Kent100 

Kent - I do understand that fan noise can be an issue.  But in order to fully understand the situation, I will need a lot more details.  Please have your client open up a ticket with Tech Support.  This will provide us with the details necessary to assist.  

Please contact me directly at doug_iler@dell.com.

thanks - 

Doug Iler

iDRAC Product Manager

Dell EMC 
