Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition
Solution Type: Problem Resolution Sure Solution

1553679.1 : ILOM Fails Security Scans
Created from <SR 3-7194557971>

Applies to:

Oracle Exalogic Elastic Cloud X2-2 One-Eighth Rack - Version X2 to X2 [Release X2]

Information in this document applies to any platform.

Symptoms

Security Scan fails on port 5556 and reports weak ciphers:

Web Server/ Web Application Vulnerable to Cross-Site Scripting Attacks port 443/tcp CVSS

SSL Server Supports Weak Encryption Vulnerability port 5556/tcp over SSL CVSS

SSL Allows the use of Weak Ciphers. -TID10100633 (http://support.novell.com/cgi-bin/search/searchtid.cgi?10100633.htm)

RESULTS:

| CIPHER | KEY-EXCHANGE | AUTHENTICATION | MAC | ENCRYPTION(KEY-STRENGTH) | GRADE |
|---|---|---|---|---|---|
| SSLv3 WEAK CIPHERS | | | | | |
| EXP1024-DES-CBC-SHA | RSA(1024) | RSA | SHA1 | DES(56) | LOW |
| DES-CBC-SHA | RSA | RSA | SHA1 | DES(56) | LOW |
| EXP1024-RC4-SHA | RSA(1024) | RSA | SHA1 | RC4(56) | LOW |
| TLSv1 WEAK CIPHERS | | | | | |
| EXP1024-DES-CBC-SHA | RSA(1024) | RSA | SHA1 | DES(56) | LOW |
| DES-CBC-SHA | RSA | RSA | SHA1 | DES(56) | LOW |
| EXP1024-RC4-SHA | RSA(1024) | RSA | SHA1 | RC4(56) | LOW |

Cause

ILOM Web/KVM Access for security reasons

Solution

Weak ciphers need to be disabled in ILOM through ILOM configuration. From ILOM Configuration, click on System Management and then Web Server. Ensure the Weak ciphers options have been unchecked.

https://docs.oracle.com/cd/E19860-01/E21448/E21448.pdf

There appears to be no option to turn off medium or weak ciphers for the KVMS port. Please see "ILOM: Security Scan reports 'medium Strength Ciphers'" <Note 1505303.1>. This is only available in ILOM 3.2 and later releases. The only option is to disable KVMS.

set /SP/services/kvms servicestate=disabled

set /SP/services/http servicestate=disabled

and

set /SP/services/https servicestate=disabled

Attachments

This solution has no attachment
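To confirm the change took effect, the scanner's RESULTS table from the Symptoms can be parsed and compared with a re-scan. The following is an added example, not part of the Oracle note: the sample inputs are constructed (the re-scan result is hypothetical), the function names are illustrative, and the 128-bit threshold is an assumption.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "protocol cipher kx auth mac enc bits grade")

# Constructed input: the RESULTS text above, flattened onto one line.
BEFORE = (
    "CIPHER KEY-EXCHANGE AUTHENTICATION MAC ENCRYPTION(KEY-STRENGTH) GRADE "
    "SSLv3 WEAK CIPHERS "
    "EXP1024-DES-CBC-SHA RSA(1024) RSA SHA1 DES(56) LOW "
    "DES-CBC-SHA RSA RSA SHA1 DES(56) LOW "
    "EXP1024-RC4-SHA RSA(1024) RSA SHA1 RC4(56) LOW "
    "TLSv1 WEAK CIPHERS "
    "EXP1024-DES-CBC-SHA RSA(1024) RSA SHA1 DES(56) LOW "
    "DES-CBC-SHA RSA RSA SHA1 DES(56) LOW "
    "EXP1024-RC4-SHA RSA(1024) RSA SHA1 RC4(56) LOW"
)
# Constructed re-scan result (hypothetical): one cipher still offered on TLSv1.
AFTER = (
    "CIPHER KEY-EXCHANGE AUTHENTICATION MAC ENCRYPTION(KEY-STRENGTH) GRADE "
    "TLSv1 WEAK CIPHERS DES-CBC-SHA RSA RSA SHA1 DES(56) LOW"
)

def parse_report(text):
    """Split the flattened table into one Finding per protocol/cipher row."""
    tokens = text.split()
    if "GRADE" in tokens:                      # drop the column header
        tokens = tokens[tokens.index("GRADE") + 1:]
    findings, protocol, i = [], None, 0
    while i < len(tokens):
        if tokens[i + 1:i + 3] == ["WEAK", "CIPHERS"]:   # e.g. "SSLv3 WEAK CIPHERS"
            protocol, i = tokens[i], i + 3
            continue
        row = tokens[i:i + 6]
        enc = re.fullmatch(r"(\w+)\((\d+)\)", row[4]) if len(row) == 6 else None
        if protocol is None or enc is None:
            raise ValueError(f"unparseable row at token {i}: {row}")
        findings.append(Finding(protocol, *row[:4], enc.group(1), int(enc.group(2)), row[5]))
        i += 6
    return findings

def weak(findings, min_bits=128):
    """(protocol, cipher) pairs graded LOW or below min_bits (threshold is an assumption)."""
    return {(f.protocol, f.cipher) for f in findings if f.grade == "LOW" or f.bits < min_bits}

def still_failing(before_text, after_text):
    """Findings from the first scan that the re-scan still reports."""
    return sorted(weak(parse_report(before_text)) & weak(parse_report(after_text)))

if __name__ == "__main__":
    for proto, cipher in still_failing(BEFORE, AFTER):
        print(f"still offered: {proto} {cipher}")
```

An empty result from `still_failing` means none of the originally reported ciphers appear in the re-scan for that port.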