My Oracle Support Banner

Mitigating Host Header Attacks on Oracle HTTP Server (Doc ID 2356329.1)

Last updated on SEPTEMBER 07, 2023

Applies to:

Oracle HTTP Server - Version 10.1.3.5.0 and later
Oracle Fusion Middleware - Version 10.1.3.5.0 and later
Information in this document applies to any platform.

Purpose

Mitigating Host Header Attacks on Oracle HTTP Server 11g/12c

This document provides information about the limitations of host headers and how to set things up properly to prevent potential problems with an application.  You should always first install Critical Patch Updates for products in use. Not only for Oracle HTTP Server but Weblogic Server and any other Fusion Middleware products you have installed, e.g. Forms, OBIEE, OAM, etc where applications are deployed for these products.  See the latest Patch Availability Document posted in the latest Security Advisory at https://www.oracle.com/technetwork/topics/security/alerts-086861.html

Details

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Purpose
 Mitigating Host Header Attacks on Oracle HTTP Server 11g/12c
Details
 Introduction
 Best Practice Oracle HTTP Server Configuration
 
 Examples
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.