TCPDUMP is a Swiss Army knife for administrators and developers when it comes to troubleshooting. This post is written for people who work with middleware technologies. Web servers such as Apache, NGINX, Oracle HTTP, IHS web servers and application servers such as WebLogic, WebSphere, Tomcat, JBoss Consider[...]
Author: Sarav AK
Arbitrary File Download Vulnerability
Overview Some websites provide file viewing or download functionality because of business needs. If you do not restrict which files users can view or download, a malicious user may attempt to view or download any file from your server. Attackers may construct malicious requests to download sensitive files from the[...]
Oracle WebLogic Java Deserialization Vulnerability (CVE-2018-2628)
Overview Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server via unsafe deserialization of Java objects. Successful[...]
How to upgrade Java JDK version in Websphere 8.5
In this post we are going to see how to upgrade the WebSphere Application Server JDK from Java 6 to 7.0. Download and install Java 7.0, which is shipped with WebSphere Application Server v8.5.5, from Passport Advantage: Note: Java 7.0 fixpacks are shipped with every WAS v8.5.x fixpack, but base Java 7.0[...]
Disable WebServer Banner Apache/IHS
Overview Don’t display or send the Apache version (set ServerTokens). By default, the server's HTTP response header will contain the Apache and PHP versions. Something similar to the following. This is harmful, as we don’t want an attacker to know the specific version number. Apache can reveal information by default configuration,[...]
Webserver Directory traversal
Webserver Directory traversal Overview A file path traversal (directory traversal) attack is a common security issue in web applications. In this attack, a hacker gains access to files or directories on a web server through the web URL, which leads to major security issues. If you are using Apache[...]
POODLE fix in Weblogic
POODLE fix in Oracle WebLogic Server Overview Newer versions of web browsers (e.g. Chrome) are now configured with policies that only allow websites or portals which enforce the strongest encryption technology to be viewed. SSL version 3 is no longer secure due to the POODLE attack. Most of the browser[...]
Oracle Weblogic Basic Authentication
Overview Oracle WebLogic Server authentication is enabled by default. However, this configuration prevents Oracle WebLogic Server from using application managed authentication. You must disable Oracle WebLogic Server authentication by setting the enforce-valid-basic-auth-credentials parameter to false. Procedure To disable Oracle WebLogic Server authentication: In a text editor, open the XML file from the domain folder. The config.xml file is in the Oracle/Middleware/user_projects/domains/domain_name/config directory. Locate the <security-configuration> Add the[...]
Remote Denial of Service Attack in IIS 6/7
Overview CVE-2007-2897 Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic); and might allow attackers with physical access to execute arbitrary code after connecting a data stream to a device COM[...]
How to Enable JMX port in weblogic 10, 11g, 12c
WebLogic 12c application server is similar to WebLogic 11g in terms of configuring the JMX port. To enable the JMX port and configuration in WebLogic, we have to add the jmxremote flags to the setDomainEnv.sh (or setDomainEnv.cmd) file. JMX monitoring is essential for better proactive monitoring and to perform diagnosis[...]