How To Disable OHW "Online Help" Module In SES Environment
(Doc ID 2173059.1)
Last updated on FEBRUARY 01, 2019
Applies to: Oracle Secure Enterprise Search - Version 22.214.171.124.0 and later
Information in this document applies to any platform.
It has been noticed that a few third-party scanning tools report OHW URLs in an SES environment as vulnerable to SQL injection.
Ex: "http://<HOSTNAME>:7777/search/query/ohw/help/state/content/destination.1~-1~-1~2~-0~-1~6~/expanded.1~3~/navId.1/navSetId._/oldNavId.1/oldNavSetId._/?navId=0 AND 2481=2481 AND 2481=2482&locale=atestu&destination=atestu&oldNavId=1&source=atestu&navSetId=_&oldNavSetId=_&vtTopicFile=atestu&selNode=atestu&event=switchNavigator&setSel=atestu".