Skip to main content

Posts

Showing posts from May, 2012

Vulnerability -- Oracle 9iAS Java Process Manager /oprocmgr-status Anonymous Process Manipulation

To remove this vulnerability,

Modify oprocmgr.conf from

  <VirtualHost _default_:8100>
<IfDefine SSL>
     SSLEngine off
</IfDefine>
     Port 8100
     <Location />
       Order Deny,Allow
       Allow from all

To,

  <VirtualHost _default_:8100>
<IfDefine SSL>
     SSLEngine off
</IfDefine>
     Port 8100
     <Location />
       Order Deny,Allow
       Deny from all



You need to modify only "Allow from all" to "Deny from all" rest everything will remain the same.


Post a Comment
Read more

Vulnerability -- Oracle 9iAS DMS / JPM Pages Anonymous Access

To remove this vulnerability from your E-Biz suite implementation,

1. Modify the following section in httpd.conf and httpd_pls.conf

From,

<IfModule mod_dms.c>
  <Location /dms0>
    SetHandler dms-handler
</Location>
</IfModule>


To,


<IfModule mod_dms.c>
  <Location /dms0>
    SetHandler dms-handler
    Order Deny,Allow
    Deny from all
</Location>
</IfModule>


2. Modify trusted.conf

From,

 <Location ~ "/(dms0|DMS|Spy|AggreSpy)">
 Order deny,allow
  Allow from all

To,

 <Location ~ "/(dms0|DMS|Spy|AggreSpy)">
 Order deny,allow
 Deny from all



3. Modify httpd_pls.conf,

Add the following to VirtualHost,

 <Location ~ "/(dms0|DMS|Spy|AggreSpy)">
 Order deny,allow
 Deny from all
 </Location>



Modify it From,

<VirtualHost _default_:*>
  <Location />
    Order deny,allow
    Allow from all
    Allow from localhost
     </Location>
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
&l…
Post a Comment
Read more

Windows XP Mode for Windows 7 Users

Am one of Windows XP lovers for its simple, elegant and yet faster interface with less bug free environment.

Lately I was forced to used Windows 7 which is part of my companies policy to move to a supported version of windows for all the laptops. With all the resistance I had to move to Windows 7 for RAM's sake that is Random Access Memory.

Windows XP does not support more than 3GB of memory, and my laptops are always loaded with too may Application Servers, Databases and Software's.

Nothing is perfect in this world and even Windows 7 is not perfect and it cannot run many of the applications that I use.

Also one major problem with Windows 7 is that it cannot run Jinitiator which is used for E-Biz Suite prior to 11.5.10.2. Even Oracle does not support Windows 7 client with Jinitiator, refer to Oracle Support document formerly metalink document,


Is The Oracle Jinitiator JRE / Plugin Compatible Or Certified With Windows 7? [ID 1234626.1]

Most of my customer run 11i with Jinitiato…
1 comment
Read more

How to replace a string in vi editor which includes / or to replace ^M in vi

To replace a string in vi editor use global replace command,

:%s/searchstring/replacestring/g


this statement will replace searchstring and replace it with replacestring.

One more example,

:%s/hello/hi/g

Here this command will replace string hello with hi in the entire text.


Above is fairly simple and most of us who work on vi are well versed with the command above. Problem is when you want to remove ^M and replace a directory structure with another one.

Consider replacing a directory /home/applmgr with /usr/var in a text file,

Post a Comment
Read more

HTTP TRACE / TRACK Methods Allowed Vulnerability

HTTP TRACE / TRACK Methods Allowed is one of the vulnerabilities which haunts Apache server.

To remove this vulnerability,

1. Modify httpd.conf add the following lines at the end of the file.

#Added by Mithun Ashok to remove vulnerabilities
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

2. Restart Apache.

Following steps can be used for Oracle E-Biz Suite 11i in along with modifying httpd.conf.


In 11i, this vulnerability not only surfaces for http port but also for httpd_pls as well as oprocmgr port. Follow the steps below to remove HTTP Trace and Track for httpd_pls and oprocmgr port.


3. Modify httpd.conf,

First comment following line in httpd.conf,

AddModule mod_rewrite.c
and then add the same line,

AddModule mod_rewrite.c
before the line below,

Post a Comment
Read more