
OCC server URL exposed vulnerability

If we navigate to our public sites and query the browser console for the object window.state.clientRepository.context.global.appServerURL, it returns the site https://xxxxxxx-store.occa.us-phoenix-1.ocs.oraclecloud.com/, which is the URL of the OCC server.

We would like confirmation that, despite being able to query the server directly, the WAF (Web Application Firewall) still exists between the OCC server and the internet. Therefore, we would not be vulnerable if an attacker were to find that URL within our OCC sites. Can you certify/confirm that this is the case?
