02-11-2014 10:55 PM
Hi i have some questions regarding webtool v6.30
I am curently using the Brocade SAN 5800 switches.
Recently there were some guy doin PENTEST to our switches.
They have found some vulnerabilty.
1)Can HTTP TRACE be disabled on the SAN Switch?
As webtool brocade switches uses a in-built web server, is it possible to configure it to disable HTTP TRACE?
2)Is there a new version of Apache for the SAN Switch?
3)Are stronger SSL Ciphers supported on the SAN Switch?
Apparently,from the test result it show that Weak Cipher is configure on my SAN switch.
ideally it should be 128 bits key.How do i configure it?
Accepted SSLv3 56 bits EDH-RSA-DES-CBC-SHA
Accepted SSLv3 40 bits EXP-EDH-RSA-DES-CBC-SHA
Accepted SSLv3 56 bits DES-CBC-SHA
Accepted SSLv3 40 bits EXP-DES-CBC-SHA
Accepted SSLv3 40 bits EXP-RC2-CBC-MD5
Accepted SSLv3 40 bits EXP-RC4-MD5
Accepted TLSv1 56 bits EDH-RSA-DES-CBC-SHA
Accepted TLSv1 40 bits EXP-EDH-RSA-DES-CBC-SHA
Accepted TLSv1 56 bits DES-CBC-SHA
Accepted TLSv1 40 bits EXP-DES-CBC-SHA
Accepted TLSv1 40 bits EXP-RC2-CBC-MD5
Accepted TLSv1 40 bits EXP-RC4-MD5
02-11-2014 11:24 PM
Apache and other Features/Applications, are part in FOS Package.
you can find details about the release in Brocade OSCD
-->> As webtool brocade switches uses a in-built web server, is it possible to configure it to disable HTTP TRACE?
No. however you van disable the http service, but keep in mind in suche case the webtools is not londer available.
Is there a new version of Apache for the SAN Switch?
yes, I would suggest to upgrade to new FOS release, because v6.3.0 is EOS