Admin Console iManager includes .htaccess file which could allow hackers to gain information (CVE-2016-5754)

  • 7017811
  • 04-Jul-2016
  • 29-Aug-2016


NetIQ Access Manager 4.2
NetIQ Access Manager 4.1
Access Manager Administration Console


Access Manager is installed and working well. For security purposes, a scan of the NAM Tomcat environment was run, which detected that the file /var/opt/novell/iManager/nps/.htaccess exists and is not restricted on the NAM Administration Console server. We do not need site-access configuration such as URL redirection, URL shortening, or access-security control (for different web pages and files), and therefore do not need this file.


Update to NAM 4.2 SP2 or NAM 4.1.2 Hot Fix 1.
With the fix in place, any request for the .htaccess file returns the following error:
HTTP Status 403 - Access to the requested resource has been denied
To work around the issue on previous versions, simply remove the file and restart the novell-ac service.
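
The workaround above as a script, added here as an example and not taken from the vendor. It moves the file out of the served directory instead of deleting it so the change can be reverted; the backup location and the /etc/init.d/novell-ac restart command are assumptions to adjust for your host.

```shell
#!/bin/sh
# Added example: apply the .htaccess workaround on a pre-fix Administration Console.
# NPS_DIR is the path named in this article; BACKUP_DIR is an assumed location
# outside the web application tree.
NPS_DIR="${NPS_DIR:-/var/opt/novell/iManager/nps}"
BACKUP_DIR="${BACKUP_DIR:-/root/nam-htaccess-backup}"

# Move .htaccess out of the served directory rather than deleting it outright.
# Returns 0 if a file was moved, 1 if none was present, 2 on error.
quarantine_htaccess() {
    src="$1/.htaccess"
    dest_dir="$2"
    [ -e "$src" ] || return 1
    mkdir -p "$dest_dir" || return 2
    chmod 700 "$dest_dir" || return 2
    mv "$src" "$dest_dir/htaccess.$(date +%Y%m%d%H%M%S)" || return 2
    return 0
}

# Confirm the file is gone from the served directory.
# Returns 0 when absent, 1 when still present.
verify_absent() {
    [ ! -e "$1/.htaccess" ]
}

# Only act when called with --apply, so loading the functions has no side effects.
if [ "${1:-}" = "--apply" ]; then
    quarantine_htaccess "$NPS_DIR" "$BACKUP_DIR"
    case $? in
        0) echo "moved $NPS_DIR/.htaccess to $BACKUP_DIR" ;;
        1) echo "no .htaccess in $NPS_DIR, nothing to do"; exit 0 ;;
        *) echo "could not move $NPS_DIR/.htaccess" >&2; exit 2 ;;
    esac
    verify_absent "$NPS_DIR" || exit 2
    # Assumed restart command for the novell-ac service on this host.
    /etc/init.d/novell-ac restart
fi
```

Run it as root with --apply on the Administration Console server; without the argument it only defines the functions.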