
Vulnerability -- Oracle 9iAS DMS / JPM Pages Anonymous Access


To remove this vulnerability from your E-Biz suite implementation,

1. Modify the following section in httpd.conf and httpd_pls.conf

From,

<IfModule mod_dms.c>
  <Location /dms0>
    SetHandler dms-handler
  </Location>
</IfModule>



To,


<IfModule mod_dms.c>
  <Location /dms0>
    SetHandler dms-handler
    Order Deny,Allow
    Deny from all
  </Location>
</IfModule>



2. Modify trusted.conf

From,

 <Location ~ "/(dms0|DMS|Spy|AggreSpy)">
 Order deny,allow
 Allow from all
 </Location>


To,

 <Location ~ "/(dms0|DMS|Spy|AggreSpy)">
 Order deny,allow
 Deny from all
 </Location>



3. Modify httpd_pls.conf,

Add the following to VirtualHost,

 <Location ~ "/(dms0|DMS|Spy|AggreSpy)">
 Order deny,allow
 Deny from all
 </Location>




Modify it From,

<VirtualHost _default_:*>
  <Location />
    Order deny,allow
    Allow from all
    Allow from localhost
  </Location>
  RewriteEngine on
  RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
  RewriteRule .* - [F]
</VirtualHost>


To,

<VirtualHost _default_:*>
  <Location />
    Order deny,allow
    Allow from all
    Allow from localhost
  </Location>
  <Location ~ "/(dms0|DMS|Spy|AggreSpy)">
    Order deny,allow
    Deny from all
  </Location>
  RewriteEngine on
  RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
  RewriteRule .* - [F]
</VirtualHost>


4. Restart Apache.
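
To confirm the edits took effect before restarting, the following added example (not part of the original post) audits the text of a config file and reports whether each DMS path ends up denied. The function names are hypothetical, and the model is a simplification: the last matching Location section that sets access rules decides, and a path with no rule counts as open.

```python
import re

# Paths covered by the page's <Location ~ "/(dms0|DMS|Spy|AggreSpy)"> pattern.
DMS_PATHS = ["/dms0", "/DMS", "/Spy", "/AggreSpy"]
# A section ends at </Location>, at the next section, or at end of text.
SECTION = re.compile(
    r'<Location\s+(~\s*)?"?([^">\s]+)"?\s*>(.*?)(?=</Location>|<Location\b|\Z)',
    re.I | re.S)

# Constructed sample: the corrected VirtualHost from step 3, shortened.
SAMPLE_FIXED = '''<VirtualHost _default_:*>
<Location />
Order deny,allow
Allow from all
</Location>
<Location ~ "/(dms0|DMS|Spy|AggreSpy)">
Order deny,allow
Deny from all
</Location>
</VirtualHost>'''

def covers(is_regex, pattern, path):
    """True if a <Location> argument applies to the given URL path."""
    if is_regex:
        return re.search(pattern, path) is not None
    prefix = pattern.rstrip("/")
    return path == prefix or path.startswith(prefix + "/")

def verdict(body):
    """Return 'denied', 'open', or None when the section sets no access rules."""
    order = re.search(r'^\s*Order\s+(\w+)\s*,\s*(\w+)', body, re.I | re.M)
    deny_all = re.search(r'^\s*Deny\s+from\s+all\b', body, re.I | re.M)
    allow = re.search(r'^\s*Allow\s+from\s+\S+', body, re.I | re.M)
    if not (order or deny_all or allow):
        return None
    # Order allow,deny: Deny is evaluated last and wins over any Allow.
    deny_last = bool(order) and order.group(1).lower() == "allow"
    return "denied" if deny_all and (deny_last or not allow) else "open"

def audit(conf_text):
    """Map each DMS path to the verdict of the last matching section."""
    result = {p: "open" for p in DMS_PATHS}  # assumption: no rule means reachable
    for is_regex, pattern, body in SECTION.findall(conf_text):
        v = verdict(body)
        for path in DMS_PATHS:
            if v and covers(bool(is_regex), pattern, path):
                result[path] = v
    return result
```

Run `audit()` over the contents of httpd.conf, httpd_pls.conf and trusted.conf; any path still reported as "open" in a file means that file's step was missed.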
