Hey, wondering if someone can help - we have two iDRAC ports which have been scanned - and two vulnerabilities found -
- HTTP negative content buffer overflow - summary being “we could crash the web server by sending an invalid POST HTTP request”
- Header overflow against HTTP proxy - summary being “it was possible to kill the HTTP proxy by sending an invalid request”
the thing is, neither of those iDRACs act as either web servers or proxy servers - it says the solution is to “upgrade your software” for the proxy, and “upgrade your web server” for the web server - but does this mean the firmwares (which are up to date anyway) or something else?
or are they just false positives?
greatly appreciate any response