1 Reply Latest reply on Feb 20, 2015 11:40 AM by Peter M

    Apache Tomcat functions.jsp XSS


      The following vulnerability is being flagged on a few servers configured with iLO:  OpenSSL SSL/TLS Man-In-The-Middle Injection Attack. (CVE-2014-0224 - Vul ID 16684) I have updated the iLO firmware and OpenSSL SSL/TLS Man-In-The-Middle Injection Attack goes away. Now Apache Tomcat functions.jsp XSS  (CVE-2005-4838) is being detected on that server! I don't have Tomcat installed.  I have the lastest firmware and software for iLO installed and this will not go away. Anyone have any ideas/suggestions? Servers are HP Proliant DL385p Gen8 running Server 2008 R2 Standard