Categories
- All Categories
- 15 Oracle Analytics Sharing Center
- 16 Oracle Analytics Lounge
- 215 Oracle Analytics News
- 43 Oracle Analytics Videos
- 15.7K Oracle Analytics Forums
- 6.1K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 78 Oracle Analytics Trainings
- 15 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
directory traversal attacks in OBIEE 12.2.1.2
we have upgraded our OBIEE 11g instance to 12.2.1.2. every thing completed successfully. Now we are above to go live. Our security personals scan OBIEE 12c with Acunetix Security Audit. And they have found following
Affected items : /analytics/res/v-878RdqqH*RU
Alert group : Server directory traversal
Severity High
Description : This script is possibly vulnerable to directory traversal attacks. Directory Traversal is a vulnerability which allows attackers to access restricted directories and read files outside of the web server's root directory.
Recommendations : Your script should filter metacharacters from user input.
Alert variants : This file was found using the pattern /analytics/res/v-878RdqqH*RU/../WEB-INF/web.xml?.
Original directory: /analytics/res/v-878RdqqH*RU
Pattern found:
I have search above Path in the server. there is no such a path.
Please help us to over come the issue