megaphone
Update your Profile with your Support type to get your Support Type badge.
Nominate Your Peers for NetSuite Support Community's Choice of the Quarter! Submit your nomination today.
Stay in the know of how NetSuite can help grow your business with our guides, webinars, and events. Subscribe Here
What Topic Should We Cover Next? Your idea could be our next feature—drop your suggestion now!
No Limits. Just possibilities. Join us for complimentary one-day events around the world and step into a future fueled by AI and limitless potential. Discover what's next at SuiteConnect Tour 2026.
Try Intelligent Payment Automation – Fee Free For Your First Month For more information, visit this thread.
New AI Community Guidelines. Please review and follow them to ensure AI use stays safe, accurate, and compliant.
Expand your NetSuite knowledge by joining our Ask A Guru Live sessions. RSVP on this event now.
Don't miss out on our Question of the Week! You only have until tomorrow, April 2, 2026, 2:00PM ET to comment your answers.

Discussions
Stay up-to-date with the latest news from NetSuite. You’ll be in the know about how to connect with peers and take your business to new heights at our virtual, in-person, on demand events, and much more.
Now is the time to ask your NetSuite-savvy friends and colleagues to join the NetSuite Support Community! Refer now! Click here to watch and learn more!
New AI Community Guidelines. Please review and follow them to ensure AI use stays safe, accurate, and compliant.
Stay in the Know

Be sure you're subscribed to NetSuite communication to stay in the know about monthly happenings, updates and announcements. Subscribe

McAfee Vulnerability !!!

edited Dec 3, 2019 3:07PM in General 10 comments

Netsuite Team,

We have recently had the McAfee scan for our website for customers security sake.

It has given one security vulnerability as following:

Name : Oracle 9iAS Dynamic Monitoring Services

Category : SQL - Database

Impact : Information Disclosure

Description:

In a default installation of Oracle 9iAS, it is possible to access the Dynamic Monitoring Services pages anonymously. Access to these pages should be restricted.

http://DOMAIN/dms0

General Solution:

Edit the httpd.conf file to restrict access to /dms0.

Additional Information:
The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes.

Howdy, Stranger!

Log In

To view full details, sign in.

Register

Don't have an account? Click here to get started!

Leaderboard

Community Whiz

Quarter 1 (Jan-Mar 2026)

This Week's Leaders

This Month's Leaders

All Time Leaders