HTTP POST can be issued against files in the protected directory Addresses the issue "HTTP POST can be issued against files in the protected directory"

Product:Ensim Pro for Linux
Version: 4.0.3 (Fedora Core 1, Fedora Core 2, Red Hat Enterprise Linux 3)
Date: 06-February-2006
Patch Description: Addresses the issue:
HTTP POST can be issued against files in the protected directory.
Overview : When Ensim control panel is used to protect a directory, the .htaccess file only protects HTTP GET. HTTP POST can still be issued against files in the protected directory.
To protect this unauthorised entry and overcome the above-mentioned issue please apply this hotfix.

Download:
ftp.ensim.com/download/pro/linux/4.0.3/hotfix/httppostvulnerability/hotfix-32.patch
(md5sum: 2ae983d7800412363d61abc1968257bb)

Installation Procedure:

patch -p0 < hotfix-32.patch

Protecting New Directories:

Log in as siteadmin (Frontpage should not be enabled for your site).
Go to apache->protect directories.
Enter the info and protect the directory.
Check the .htaccess file inside that directory, it should have the proper GET and POST directives against the Limit tag

Re-apply the directory protection to existing directories:

For directories already protected with an earlier version of Ensim Pro, you will have to re-protect all the existing protected directories.
Follow steps 1 and 2 as mentioned in the previous section.
Now unprotect the directory, and again protect it.
Again, check the .htaccess file for the GET and POST tags.

Note: If you already have protected directories on server then you can execute the attached file to apply fixes to them.