The following vulnerability is being flagged on a few servers configured with iLO: OpenSSL SSL/TLS Man-In-The-Middle Injection Attack. (CVE-2014-0224 - Vul ID 16684) I have updated the iLO firmware and OpenSSL SSL/TLS Man-In-The-Middle Injection Attack goes away. Now Apache Tomcat functions.jsp XSS (CVE-2005-4838) is being detected on that server! I don't have Tomcat installed. I have the lastest firmware and software for iLO installed and this will not go away. Anyone have any ideas/suggestions? Servers are HP Proliant DL385p Gen8 running Server 2008 R2 Standard
I moved this to Vulnerability Manager (Foundstone) as I think it's a better spot, than Security Awareness, to get a response.