Our security team reported the results of a Nessus Security scan against a Virtualization Manager v5 virtual appliance. This returned several Medium vulnerabilities.
Plugin - Plugin Name
12085 - Apache Tomcat servlet/ JSP container default files
15901 - SSL Certificate Expiry
26928 - SSL Weak Cipher Suites Supported
42873 - SSL Medium Strength Cipher Suites Supported
51526 - Apache Tomcat 6.x < 6.0.30 / 7.x < 7.0.5 Multiple XSS
51975 - Apache Tomcat 6.0.x < 6.0.30 Multiple Vulnerabilities
51987 - Apache Tomcat < 6.0.32 / 7.0.8 NIO Connector Denial of Service
56008 - Apache Tomcat 6.0.x < 6.0.33 Multiple Vulnerabilities
SolarWinds Support indicated these are not considered bugs and should be submitted as a feature request.
Is there a plan to fix these in future versions of Virtualization Manager?
Thanks.
Kevin
