Fibre Channel (SAN)

Reply
Contributor
Posts: 23
Registered: ‎09-26-2011
Accepted Solution

Security Issue on a switch FC

Hi Boys?how are you?

Security team told me that a switch report this problem:

 

Apache 1.3 HTTP Server Expect Header Cross-Site Scripting

 

And We are talking about this switch

 

http://sia1.subirimagenes.net/img/2015/04/24/150424124709661512.jpg

http://sia1.subirimagenes.net/img/2015/04/24/150424124710867145.jpg

 

Could someone tell me how to fix it?? Should I do an upgrade?? which version?

Thanks!!

Contributor
Posts: 54
Registered: ‎07-08-2011

Re: Security Issue on a switch FC

From FOS Security Vulnerability Report :

 

Summary:

 

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file

 

Technical Details : FOS is not exposed to this vulnerability. FOS does not support Flash files.

Contributor
Posts: 23
Registered: ‎09-26-2011

Re: Security Issue on a switch FC

so is it a false positive??? right??

Contributor
Posts: 54
Registered: ‎07-08-2011

Re: Security Issue on a switch FC

Yes. This is NOT APPLICABLE for FOS .

Occasional Visitor
Posts: 1
Registered: ‎04-15-2016

Re: Security Issue on a switch FC

I've received similar security warning on the MLX.  Does anyone know what version of the RomPager is MLX running?

 

 

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.