My Oracle Support Banner

How To Disable OHW "Online Help" Module In SES Environment (Doc ID 2173059.1)

Last updated on OCTOBER 12, 2018

Applies to:

Oracle Secure Enterprise Search - Version and later
Information in this document applies to any platform.


 Its been noticed that a few third party scanning tools reporting OHW URLs in SES environment vulnerable to SQL Injection.

Ex: "http://xx.xx.xx.xx:7777/search/query/ohw/help/state/content/destination.1~-1~-1~2~-0~-1~6~/expanded.1~3~/navId.1/navSetId._/oldNavId.1/oldNavSetId._/?navId=0%20AND%202481%3d2481%20AND%202481%3d2482&locale=atestu&destination=atestu&oldNavId=1&source=atestu&navSetId=_&oldNavSetId=_&vtTopicFile=atestu&selNode=atestu&event=switchNavigator&setSel=atestu".



To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.