Environment
NetIQ Access Manager 4.2
NetIQ Access Manager 4.1
Access Manager Administration Console
iManager
CVE-2016-5754
NetIQ Access Manager 4.1
Access Manager Administration Console
iManager
CVE-2016-5754
Situation
Access Manager installed and working well. For security purposes, a scan of the NAM tomcat environment was run where it was detected that the /var/opt/novell/iManager/nps/.htaccess exists and is not restricted on the NAM admin console server. We do not need configuration of site-access issues, such as URL redirection, URL shortening, Access-security control (for different webpages and files), etc, and therefor do not need this file.
Resolution
Update to NAM 4.2 SP2 or NAM 4.1.2 Hot Fix 1.
Whenever user access .htaccess file, it throws the following error:
HTTP Status 403 - Access to the requested resource has been denied
To workaround the issue on previous versions, simply remove the file. and restart novell-ac service.