How To Disable OHW "Online Help" Module In SES Environment (Doc ID 2173059.1)

Last updated on AUGUST 17, 2016

Applies to:

Oracle Secure Enterprise Search - Version 11.2.2.2.0 and later
Information in this document applies to any platform.

Goal

It has been noticed that a few third-party scanning tools report OHW URLs in the SES environment as vulnerable to SQL injection.

Ex: "http://xx.xx.xx.xx:7777/search/query/ohw/help/state/content/destination.1~-1~-1~2~-0~-1~6~/expanded.1~3~/navId.1/navSetId._/oldNavId.1/oldNavSetId._/?navId=0%20AND%202481%3d2481%20AND%202481%3d2482&locale=atestu&destination=atestu&oldNavId=1&source=atestu&navSetId=_&oldNavSetId=_&vtTopicFile=atestu&selNode=atestu&event=switchNavigator&setSel=atestu".

 

Solution
