I would install the latest c7000 OA firmware. This might fix the issue.
However, unlike operating systems, web servers and other programs that use https, firmware is provided for support of the underlying hardware and as such, does not receive the same updates. That's why good data center practice is to never place hardware access ports such as OA, iLO, consoles, GSP, MP or any direct hardware connections on a company network. Instead, all these connections should be on an isolated subnet with *NO* router. The only access to these ports should be through a secure server (HP-UX, Linux, etc -- no Windows) with 2 NICs, one for the isolated subnet and the other to a sysadmin network.
Virtually every server, switch, router, tape library, etc will have a security issue with a web interface after 3-4 years. Security audits will catch the issue but a fix is not likely and the only solution is get an audit exception, disconnect the service port and use a KVM (if possible), or use an isolated subnet.
