Bug: NIM092874: ArcGIS for Server 10.1 has a reflected non-persistent cross-site scripting vulnerability

Related Information
Article ID: 41494
Bug Id: NIM092874
Software:
ArcGIS for Server 10.1
Platforms:
Windows Server 2003, Server 2012, Server 2008 R2
RHEL 5, 6

Bug Description
ArcGIS for Server 10.1 has a non-persistent cross-site scripting vulnerability.


CVE Reference
CVE-2013-5222 Various XSS Vulnerabilities
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N Base Score 3.5
This vulnerability may be viewed as a standard entry in the Vulnerabilities and Exposures list.


Acknowledgements
Esri thanks the following for working with us to protect customers:

• Roberto Suggi Liverani of NCIA-NCIRC for reporting this vulnerability.


Cause
When certain URLs are provided, user-provided code can be inserted into ArcGIS for Server web pages.

EsriSupport


Solution
This issue is fixed in ArcGIS for Server 10.2. Esri recommends that customers upgrade to ArcGIS 10.2.

For those customers that cannot upgrade, Esri has released a security patch that addresses this and other security vulnerabilities that affect ArcGIS 10.1 SP1 for Server. Esri recommends that customers download and apply the 10.1 SP1 Security patch, which can be found here:

• ArcGIS 10.1 SP1 for Server Security Patch (September 2013)




Created and Last Modified
Created: 8/7/2013

Last Modified: 9/17/2013
Original Link
http://support.esri.com/en/kno ... 41494
