How To Disable OHW "Online Help" Module In SES Environment
(Doc ID 2173059.1)
Last updated on DECEMBER 14, 2022
Applies to:
Oracle Secure Enterprise Search - Version 11.2.2.2.0 and later
Information in this document applies to any platform.
Goal
It has been noticed that a few third-party scanning tools report OHW URLs in the SES environment as vulnerable to SQL injection.
Ex: "http://<HOSTNAME>:7777/search/query/ohw/help/state/content/destination.1~-1~-1~2~-0~-1~6~/expanded.1~3~/navId.1/navSetId._/oldNavId.1/oldNavSetId._/?navId=0 AND 2481=2481 AND 2481=2482&locale=atestu&destination=atestu&oldNavId=1&source=atestu&navSetId=_&oldNavSetId=_&vtTopicFile=atestu&selNode=atestu&event=switchNavigator&setSel=atestu".
Solution