Mitigating Host Header Attacks on Oracle HTTP Server
(Doc ID 2356329.1)
Last updated on SEPTEMBER 09, 2024
Applies to:
Oracle HTTP Server - Version 10.1.3.5.0 and later Oracle Fusion Middleware - Version 10.1.3.5.0 and later Information in this document applies to any platform.
Purpose
Mitigating Host Header Attacks on Oracle HTTP Server 11g/12c
This document provides information about the limitations of host headers and how to set things up properly to prevent potential problems with an application. You should always first install Critical Patch Updates for products in use. Not only for Oracle HTTP Server but Weblogic Server and any other Fusion Middleware products you have installed, e.g. Forms, OBIEE, OAM, etc where applications are deployed for these products. See the latest Patch Availability Document posted in the latest Security Advisory at https://www.oracle.com/technetwork/topics/security/alerts-086861.html
Details
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!