HTTP TRACE / TRACK Methods Allowed Vulnerability

HTTP TRACE / TRACK Methods Allowed is one of the vulnerabilities that haunt Apache servers.

To remove this vulnerability:

1. Modify httpd.conf: add the following lines at the end of the file.

#Added by Mithun Ashok to remove vulnerabilities
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

2. Restart Apache.

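The following steps can be used for Oracle E-Biz Suite 11i, along with modifying httpd.conf.

In 11i, this vulnerability surfaces not only on the http port but also on the httpd_pls and oprocmgr ports. Follow the steps below to remove HTTP TRACE and TRACK for the httpd_pls and oprocmgr ports. The rules are repeated inside each VirtualHost block because mod_rewrite settings in the main server context are not inherited by virtual hosts by default.
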
3. Modify httpd.conf.

First, comment out the following line in httpd.conf:

AddModule mod_rewrite.c

and then add the same line,

AddModule mod_rewrite.c

before the line below:

include "$IAS_ORACLE_HOME/Apache/Apache/conf/oprocmgr.conf"


4. In oprocmgr.conf, change the following section from

     <Location /oprocmgr-service>
       SetHandler oprocmgr-service
     </Location>
     <Location /oprocmgr-status>
       SetHandler oprocmgr-status
     </Location>
   </VirtualHost>
</IfModule>
# End of oprocmgr directives.


to


     <Location /oprocmgr-service>
       SetHandler oprocmgr-service
     </Location>
     <Location /oprocmgr-status>
       SetHandler oprocmgr-status
     </Location>
     RewriteEngine on
     RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
     RewriteRule .* - [F]
   </VirtualHost>
</IfModule>
# End of oprocmgr directives.


5. Modify httpd_pls.conf: add the following lines at the end of the file.

#Added by Mithun Ashok to remove vulnerabilities
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]


6. In httpd_pls.conf, change the following section from

<VirtualHost _default_:*>
  <Location />
    Order deny,allow
    Deny from all
    Allow from localhost
  </Location>
</VirtualHost>


to

<VirtualHost _default_:*>
  <Location />
    Order deny,allow
    Deny from all
    Allow from localhost
  </Location>
  RewriteEngine on
  RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
  RewriteRule .* - [F]
</VirtualHost>


7. Restart Apache.
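
A way to check the edited files before restarting, as an added example that is not part of the original post: the script below reports, for the main server and for every VirtualHost block, whether the TRACE/TRACK rewrite rules are present. The sample configuration is constructed (httpd_pls.conf with step 5 applied but not step 6), and the function names are hypothetical.

```python
import re

# Constructed sample: httpd_pls.conf with step 5 applied (rules at end of
# file) but step 6 not yet applied inside the VirtualHost block.
SAMPLE_CONF = """\
<VirtualHost _default_:*>
  <Location />
    Order deny,allow
    Deny from all
    Allow from localhost
  </Location>
</VirtualHost>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
"""
RULES = "RewriteEngine on\nRewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)\nRewriteRule .* - [F]\n"
COND = re.compile(r"RewriteCond\s+%\{REQUEST_METHOD\}\s+(\S+)", re.I)
RULE = re.compile(r"RewriteRule\s+\S+\s+-\s+\[([^\]]*)\]", re.I)

def blocks_trace(lines):
    """True if the engine is on and a REQUEST_METHOD condition naming TRACE and
    TRACK is directly followed by a rule carrying the F (forbidden) flag."""
    active = [l.strip() for l in lines if l.strip() and not l.strip().startswith("#")]
    engine_on = any(re.fullmatch(r"RewriteEngine\s+on", l, re.I) for l in active)
    # A RewriteCond only guards the RewriteRule that follows it, so check pairs.
    for cond, rule in zip(active, active[1:]):
        c, r = COND.match(cond), RULE.match(rule)
        if c and r and {"TRACE", "TRACK"} <= set(re.findall(r"[A-Z]+", c.group(1).upper())):
            flags = {f.strip().upper() for f in r.group(1).split(",")}
            if flags & {"F", "FORBIDDEN"}:
                return engine_on
    return False

def audit(conf_text):
    """Map each context (main server, each VirtualHost) to whether it blocks TRACE/TRACK.
    Simplification: nested sections such as <Location> count as part of the vhost."""
    contexts = {"main server": []}
    current = "main server"
    for line in conf_text.splitlines():
        opened = re.search(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = "VirtualHost " + opened.group(1).strip()
            contexts.setdefault(current, [])
        elif re.search(r"</VirtualHost>", line, re.I):
            current = "main server"
        else:
            contexts[current].append(line)
    return {name: blocks_trace(body) for name, body in contexts.items()}

if __name__ == "__main__":
    fixed = SAMPLE_CONF.replace("</VirtualHost>", RULES + "</VirtualHost>")
    for label, conf in (("before step 6", SAMPLE_CONF), ("after step 6", fixed)):
        print(label, audit(conf))
```

On the sample, the main server is reported as covered and the _default_ virtual host as not covered until the step 6 lines are inserted.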
