Knowledge ID 2186
Product : Ensim Pro for Linux
Version : 4.0.4
Topic : Hotfix

Summary
Addresses the issue "HTTP POST can be issued against files in the protected directory"

Prevention


Details

Product: Ensim Pro for Linux
Version: 4.0.4 (Red Hat Enterprise Linux 4)
Date: 06-February-2006
Patch Description:
Addresses the issue:
HTTP POST can be issued against files in the protected directory.
Overview: When the Ensim control panel is used to protect a directory, the .htaccess file protects only HTTP GET. HTTP POST requests can still be issued against files in the protected directory.
Apply this hotfix to prevent this unauthorised access.

Download:
ftp.ensim.com/download/pro/linux/4.0.4/hotfix/httppostvulnerability/hotfix-32.patch
(md5sum: 2ae983d7800412363d61abc1968257bb)                                      
  
Installation Procedure:

  • patch -p0 < hotfix-32.patch

Protecting New Directories:

  • Log in as siteadmin (Frontpage should not be enabled for your site).
  • Go to apache->protect directories.
  • Enter the info and protect the directory.
  • Check the .htaccess file inside that directory; it should have the proper GET and POST directives in the Limit tag.


Re-apply the directory protection to existing directories:

  • For directories already protected with an earlier version of Ensim Pro, you will have to re-protect all the existing protected directories.
  • Follow steps 1 and 2 as mentioned in the previous section.
  • Now unprotect the directory, then protect it again.
  • Again, check the .htaccess file for the GET and POST tags.

Note: If you already have protected directories on the server, you can execute the attached file to apply the fix to them.
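
The .htaccess check in the steps above can be run across many directories at once. The following is an added example, not part of the original article and not the attached KB2186.pl: a read-only audit that reports Limit blocks which carry a Require directive but do not list POST. The function names and the sample .htaccess contents are constructed for illustration; the files Ensim writes may differ.

```python
import os
import re

# Requiring whitespace after "Limit" skips <LimitExcept>, which has inverse semantics.
LIMIT_OPEN = re.compile(r"^\s*<Limit\s+([^>]*)>", re.IGNORECASE)
LIMIT_CLOSE = re.compile(r"^\s*</Limit>", re.IGNORECASE)
REQUIRE = re.compile(r"^\s*require\b", re.IGNORECASE)

def limit_gaps(text, needed=("GET", "POST")):
    """Return [(line_no, missing_methods)] for each <Limit> block that holds a
    Require directive but does not list every method in `needed`."""
    findings, block = [], None
    for no, line in enumerate(text.splitlines(), 1):
        m = LIMIT_OPEN.match(line)
        if m:
            # Apache method names are case-sensitive, so compare them as written.
            block = {"line": no, "methods": set(m.group(1).split()), "auth": False}
        elif block and REQUIRE.match(line):
            block["auth"] = True
        elif block and LIMIT_CLOSE.match(line):
            missing = [x for x in needed if x not in block["methods"]]
            if block["auth"] and missing:
                findings.append((block["line"], missing))
            block = None
    return findings

def audit_tree(root):
    """Map each .htaccess path under `root` to its findings (files with gaps only)."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, encoding="utf-8", errors="replace") as fh:
                gaps = limit_gaps(fh.read())
            if gaps:
                report[path] = gaps
    return report

# Constructed samples (not copied from an Ensim installation).
BEFORE = """AuthType Basic
AuthName "Protected"
AuthUserFile /path/to/.htpasswd
<Limit GET>
require valid-user
</Limit>
"""
AFTER = BEFORE.replace("<Limit GET>", "<Limit GET POST>")

if __name__ == "__main__":
    print(limit_gaps(BEFORE))  # [(4, ['POST'])]
    print(limit_gaps(AFTER))   # []
```

Run `audit_tree` against the directory tree that holds the protected directories; an empty result means every audited Limit block lists both methods.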




 



Attachments
1. KB2186.pl   


Last Modified: 2/6/2006 7:37:42 AM