The OAAM Admin Console Server Returned Too Detailed HTTP Status Message (Doc ID 960509.1)

Last updated on AUGUST 06, 2013

Applies to:

Oracle Adaptive Access Manager - Version 10.1.4.5.0 and later
Information in this document applies to any platform.

Goal

How to configure the server for this? - In our latest battery of penetration tests on the ARM Admin Console, an attempted attack was made in which a TRACK request was issued with javascript.
The server that hosts the Admin Console returned a 501 status with detailed information about the server and the cause of the error. The server should return a more generic error to prevent persons will ill intent from getting details of the system.

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms