

Showing posts from May, 2012

Vulnerability -- Oracle 9iAS Java Process Manager /oprocmgr-status Anonymous Process Manipulation

To remove this vulnerability, modify oprocmgr.conf from

    <VirtualHost _default_:8100>
    <IfDefine SSL>
         SSLEngine off
    </IfDefine>
         Port 8100
         <Location />
           Order Deny,Allow
           Allow from all

to

    <VirtualHost _default_:8100>
    <IfDefine SSL>
         SSLEngine off
    </IfDefine>
         Port 8100
         <Location />
           Order Deny,Allow
           Deny from all

You only need to change "Allow from all" to "Deny from all"; everything else remains the same.

Vulnerability -- Oracle 9iAS DMS / JPM Pages Anonymous Access

To remove this vulnerability from your E-Biz Suite implementation,

1. Modify the following section in httpd.conf and httpd_pls.conf

From,

    <IfModule mod_dms.c>
      <Location /dms0>
        SetHandler dms-handler
      </Location>
    </IfModule>

To,

    <IfModule mod_dms.c>
      <Location /dms0>
        SetHandler dms-handler
        Order Deny,Allow
        Deny from all
      </Location>
    </IfModule>

2. Modify trusted.conf

From,

    <Location ~ "/(dms0|DMS|Spy|AggreSpy)">
      Order deny,allow
      Allow from all

To,

    <Location ~ "/(dms0|DMS|Spy|AggreSpy)">
      Order deny,allow
      Deny from all

3. Modify httpd_pls.conf. Add the following to VirtualHost,

    <Location ~ "/(dms0|DMS|Spy|AggreSpy)">
      Order deny,allow
      Deny from all
    </Location>

Modify it from,

    <VirtualHost _default_:*>
      <Location />
        Order deny,allow
        Allow from all
        Allow from localhost
      </Location>
    RewriteEngine on
    RewriteCond %{REQUEST_ME
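
A small audit for the two Oracle 9iAS fixes above (an added example, not code from the original posts): it reads Apache 1.3-style configuration text, finds each <Location> block covering /oprocmgr-status or the DMS/Spy paths, and reports the ones an arbitrary remote client can still reach under the Order/Allow/Deny rules. The function names and sample configuration are constructed for illustration, and each block is judged on its own without modelling section merging.

```python
import re
# Paths named on this page; /oprocmgr-status is reached through the port-8100 "/" block.
SENSITIVE = ["/oprocmgr-status", "/dms0", "/DMS", "/Spy", "/AggreSpy"]
BLOCK = re.compile(r"<Location\s+(~\s*)?\"?([^\">]+)\"?\s*>(.*?)</Location>", re.S | re.I)

def covers(is_regex, pattern, path):
    """True if a <Location> argument (prefix or ~ regex) applies to the URL path."""
    if is_regex:
        return re.search(pattern, path) is not None
    return path == pattern or path.startswith(pattern.rstrip("/") + "/")

def anonymous_allowed(body):
    """Evaluate Order/Allow/Deny for a client that matches no host-specific rule."""
    lines = [ln.strip().lower() for ln in body.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith("#")]
    order = "deny,allow"  # Apache default when no Order directive is present
    for ln in lines:
        m = re.match(r"order\s+(\S+)", ln)
        if m:
            order = m.group(1)
    allow_all = any(re.match(r"allow\s+from\s+all\b", ln) for ln in lines)
    deny_all = any(re.match(r"deny\s+from\s+all\b", ln) for ln in lines)
    if order == "deny,allow":            # default allow; Allow overrides Deny
        return allow_all or not deny_all
    return allow_all and not deny_all    # allow,deny: default deny; Deny wins

def audit(conf_text):
    """Return (location, exposed sensitive paths) for every block still open."""
    findings = []
    for is_regex, pattern, body in BLOCK.findall(conf_text):
        hits = [p for p in SENSITIVE if covers(bool(is_regex), pattern.strip(), p)]
        if hits and anonymous_allowed(body):
            findings.append((pattern.strip(), hits))
    return findings

# Constructed samples modelled on the page's before/after snippets (blocks closed here).
BEFORE = """<VirtualHost _default_:8100>
  <Location />
    Order Deny,Allow
    Allow from all
  </Location>
</VirtualHost>
<Location ~ "/(dms0|DMS|Spy|AggreSpy)">
  Order deny,allow
  Allow from all
</Location>"""
AFTER = BEFORE.replace("Allow from all", "Deny from all")

print("before:", audit(BEFORE), "after:", audit(AFTER))
```

A /dms0 block that contains only SetHandler is also reported, because with no Order or Deny directive the default is to allow.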

Windows XP Mode for Windows 7 Users

I am one of those Windows XP lovers, for its simple, elegant and yet faster interface with a more bug-free environment. Lately I was forced to use Windows 7, which is part of my company's policy to move to a supported version of Windows for all the laptops. With all the resistance, I had to move to Windows 7 for RAM's sake, that is, Random Access Memory. Windows XP does not support more than 3GB of memory, and my laptops are always loaded with too many application servers, databases and software. Nothing is perfect in this world, and even Windows 7 is not perfect: it cannot run many of the applications that I use. Also, one major problem with Windows 7 is that it cannot run Jinitiator which is used for E-Biz Suite prior to Even Oracle does not support Windows 7 client with Jinitiator; refer to the Oracle Support document (formerly Metalink document), Is The Oracle Jinitiator JRE / Plugin Compatible Or Certified With Windows 7? [ID 1234626.1] Most of my customers run 11i wi

How to replace a string in vi editor which includes / or to replace ^M in vi

To replace a string in the vi editor, use the global replace command,

    :%s/searchstring/replacestring/g

This statement will find searchstring and replace it with replacestring. One more example,

    :%s/hello/hi/g

Here this command will replace the string hello with hi in the entire text. The above is fairly simple, and most of us who work in vi are well versed with it. The problem comes when you want to remove ^M and replace a directory structure with another one. Consider replacing a directory /home/applmgr with /usr/var in a text file,

HTTP TRACE / TRACK Methods Allowed Vulnerability

HTTP TRACE / TRACK Methods Allowed is one of the vulnerabilities that haunt the Apache server. To remove this vulnerability,

1. Modify httpd.conf and add the following lines at the end of the file.

    #Added by Mithun Ashok to remove vulnerabilities
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]

2. Restart Apache.

The following steps can be used for Oracle E-Biz Suite 11i, along with modifying httpd.conf. In 11i, this vulnerability surfaces not only on the http port but also on the httpd_pls and oprocmgr ports. Follow the steps below to remove HTTP TRACE and TRACK for the httpd_pls and oprocmgr ports.

3. Modify httpd.conf. First comment out the following line in httpd.conf,

    AddModule mod_rewrite.c

and then add the same line,

    AddModule mod_rewrite.c

before the line below,