Skip to main content

Vulnerability -- Oracle 9iAS DMS / JPM Pages Anonymous Access


To remove this vulnerability from your E-Biz suite implementation,

1. Modify the following section in httpd.conf and httpd_pls.conf

From,

<IfModule mod_dms.c>
  <Location /dms0>
    SetHandler dms-handler
</Location>
</IfModule>


To,


<IfModule mod_dms.c>
  <Location /dms0>
    SetHandler dms-handler
    Order Deny,Allow
    Deny from all
</Location>
</IfModule>


2. Modify trusted.conf

From,

 <Location ~ "/(dms0|DMS|Spy|AggreSpy)">
 Order deny,allow
  Allow from all

To,

 <Location ~ "/(dms0|DMS|Spy|AggreSpy)">
 Order deny,allow
 Deny from all
 


3. Modify httpd_pls.conf,

Add the following to VirtualHost,

 <Location ~ "/(dms0|DMS|Spy|AggreSpy)">
 Order deny,allow
 Deny from all
 </Location>



Modify it From,

<VirtualHost _default_:*>
  <Location />
    Order deny,allow
    Allow from all
    Allow from localhost
     </Location>
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
</VirtualHost>

To,

<VirtualHost _default_:*>
  <Location />
    Order deny,allow
    Allow from all
    Allow from localhost
    </Location>
 <Location ~ "/(dms0|DMS|Spy|AggreSpy)">
 Order deny,allow
 Deny from all
 </Location>
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
</VirtualHost>

4. Restart Apache.
Labels:

Comments

Post a Comment

Popular posts from this blog

Basics of RDBMS

Data Small set of information becomes data, this set of information helps make decision. Data is always some useful information. Database Place where you store the data. Database represents some aspect of the real world called "miniworld". A database is designed, built and populated with data for a specific purpose. It has intended group of users and some preconceived applications in which these users are interested. In other words, a database has some source from which data is derived, some degree of interaction with events in the real world and an audience that is actively interested in the contents of the database. Database can also be defined as collection of one or more tables. Ex: Mobile, human brain etc DBMS (Database Management System ) Is a program that stores retrieves and modifies data in the database on request. Study of different techniques of design, development and maintenance of the database Types of DBMS These types are based upon their m...
101 comments
Read more

SQL Interview Questions

1. CLICK HERE FOR QUESTIONS ON BASIC SELECT     2. CLICK HERE FOR QUESTIONS ON BASIC SELECT WITH CONDITION   3.  CLICK HERE FOR QUESTIONS FROM QSPIDERS   4. CLICK HERE FOR QUESTIONS ON FUNCTIONS   5. CLICK HERE FOR QUESTIONS ON SUBQUERIES 6. CLICK HERE FOR MORE QUESTIONS ON SQL       CLICK HERE FOR ANSWERS   Some more Online Questions.   On WIZIQ.COM  -- 66 Questions and its answers Found by Neha Abhay Kumar   On SCRIBD.COM   -- 235 Questions and its answers                                               
50 comments
Read more