HP's remote management tool iLO3 exposed to security vulnerability that leaves servers vulnerable to DoS attacks


Hewlett Packard Enterprise (HPE), formed by Hewlett-Packard's spin-off in late 2015, has released a security patch to address a vulnerability (CVE-2017-8987) in its remote management tool HPE Integrated Lights-Out 3 (iLO 3).

The iLO card has a separate network connection (i.e. its own IP address) for remote management of the ProLiant server. With iLO's remote management capabilities, users can manage ProLiant servers offsite as if they were on site, saving travel costs and increasing productivity to extend system uptime.

Researchers at Rapid7, a provider of IT security solutions, discovered the vulnerability in iLO 3 in September 2017. The issue was described as "high severity" and received a CVSS base score of 8.6.

A remote attacker could use this vulnerability to launch a denial-of-service (DoS) attack, which could cause serious problems in the data center in some cases.

According to Rapid7's description, there are several HTTP request methods that cause an iLO3 device running firmware version v1.88 to stop responding in multiple ways within 10 minutes:

SSH: open sessions will not respond and new SSH sessions will not be created;

Web portal: the user cannot log in to the portal and the login page will not load successfully.

Rapid7 said they did not test it against iLO 5, and that the following four invocation methods will also trigger a denial of service:

curl -X OPTIONS hp-ilo-3.testing.your-org.com

curl -X PROPFIND hp-ilo-3.testing.your-org.com

curl -X PUT hp-ilo-3.testing.your-org.com

curl -X TRACE hp-ilo-3.testing.your-org.com
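
A defender-side check for the four request methods listed above, as an added example that is not from Rapid7, HPE or the original article: it scans proxy or network-sensor logs for those methods sent to iLO management hosts and groups the hits by source address. The log layout, hostnames and addresses are constructed assumptions.

```python
import re
from collections import defaultdict

# Methods the article lists as triggering the iLO 3 v1.88 hang.
RISKY_METHODS = {"OPTIONS", "PROPFIND", "PUT", "TRACE"}

# Assumed (constructed) log layout:
#   <iso-time> <src-ip> <dst-host> "<METHOD> <path> HTTP/x.y" <status or ->
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+) '
    r'"(?P<method>[A-Za-z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3}|-)$'
)

# Constructed sample; hostnames and addresses are placeholders.
SAMPLE_LOG = """\
2018-02-23T09:14:02Z 10.0.5.17 ilo3-rack12.mgmt.example "GET /index.html HTTP/1.1" 200
2018-02-23T09:15:40Z 10.0.9.88 ilo3-rack12.mgmt.example "OPTIONS / HTTP/1.1" -
2018-02-23T09:15:41Z 10.0.9.88 ilo3-rack14.mgmt.example "PROPFIND / HTTP/1.1" -
2018-02-23T09:16:03Z 10.0.5.17 app01.prod.example "PUT /api/item/7 HTTP/1.1" 204
2018-02-23T09:17:55Z 10.0.9.88 ilo3-rack12.mgmt.example "TRACE / HTTP/1.1" -
truncated line with no request field
"""


def find_risky_requests(log_text, ilo_hosts):
    """Return {source_ip: [(timestamp, dst_host, METHOD), ...]} for
    risky methods sent to hosts in ilo_hosts."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed or truncated lines
        method = m["method"].upper()  # compare case-insensitively
        if m["dst"] in ilo_hosts and method in RISKY_METHODS:
            hits[m["src"]].append((m["ts"], m["dst"], method))
    return dict(hits)


if __name__ == "__main__":
    ilo_hosts = {"ilo3-rack12.mgmt.example", "ilo3-rack14.mgmt.example"}
    for src, events in find_risky_requests(SAMPLE_LOG, ilo_hosts).items():
        print(f"{src}: {len(events)} risky request(s) to iLO hosts")
        for ts, dst, method in events:
            print(f"  {ts} {method} -> {dst}")
```

Requests with these methods to ordinary application servers (the PUT to app01 in the sample) are ignored; only traffic to the listed management interfaces is flagged.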

Wise & Co. publicly disclosed the vulnerability on Feb. 22 and reminded users to upgrade to iLO 3 (v1.89), available from the HPE Support Center. In addition, firmware versions 1.8, 1.82, 1.85 and 1.87 and iLO 4 (v2.55) are not affected.

This article was compiled by Hacker Insight from web sources; images are from the web. When reprinting, credit "Reposted from Hacker Insight" and include a link.

