If you have downloaded the latest Apache plug-in in order to remove the Security CVE-2008-4008 vulnerability from the below link:
https://support.bea.com/application_content/product_portlets/securityadvisories/2806.html
and you are not able to parse the request.
We have a work around for CVE-2008-3752 which enables us to use the old plug-in and it will remove the vulnerability.
Then you need to set
WLAllowDoubleEscapedURI true
No comments:
Post a Comment