Solved: Http only cookie information disclosure vulnerabil...

Former Member · ‎07-16-2013

HI Experts,

after the penetration test we came to know that our portal server is having this issue can you please suggest me how to get rid off this.

we are using SAP Net weaver 7.3 eph1

Apache 2.0 as web server and solaris O.S.

regards,

pandu.

mvoros · ‎07-17-2013

Hi,

you will need to be more specific about that issue. If you are talking about this vulnerability then it's an issue related to Apache and you need to update Apache.

Cheers

mvoros · ‎07-17-2013

Hi,

you will need to be more specific about that issue. If you are talking about this vulnerability then it's an issue related to Apache and you need to update Apache.

Cheers

Former Member · ‎07-17-2013

Also please provide the Support Package and patch level of your portal. There are information disclosure fixes at least in SP6 for NW731.

Former Member · ‎07-18-2013

HI Samuli,

patch level of our portal is 201

Regards,

Pandu.

Former Member · ‎07-18-2013

HI Martin,

Thanks for your valuable suggestion !

after upgrade can we follow the same configuration setting what we followed for Apache 2.0

Regards,

Pandu.

mvoros · ‎07-21-2013

Hi,

you upgraded to what version? I don't have any experience with managing Apache server. So I have no idea if there were any major changes between old and your new version. I would guess no because Apache is a really mature project but you don't want to rely on some random guy on Internet like me.

Cheers

Http only cookie information disclosure vulnerability on sap net weaver portal 7.3 eph1