Bug: NIM092820: Mobile Content Server has a cross-site scripting vulnerability
【Related Information】
Article ID: 41468
Bug Id: NIM092820
Software:
ArcGIS for Server 10.1, 10.2
Platforms:
Windows Server 2003, Server 2012, Server 2008 R2
RHEL 5, 6
【Bug Description】
The Mobile Content Server in ArcGIS for Server has cross-site scripting vulnerabilities in versions 10.1 SP1 and 10.2.
NIM092820 is a persistent cross-site scripting vulnerability in ArcGIS for Server 10.1 and 10.2. The vulnerability is behind authenticated pages.
CVE Reference
CVE-2013-5222 Various XSS Vulnerabilities
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N Base Score 3.5
This vulnerability may be viewed as a standard entry in the Common Vulnerabilities and Exposures list.
Acknowledgements
Esri thanks the following for working with us to protect customers:
Roberto Suggi Liverani of NCIA-NCIRC for reporting this vulnerability
【Bug Cause】
Improper validation of user-supplied content.
1 reply
易智瑞技术支持
Esri has released two security patches that address the Mobile Content Server issue and other security vulnerabilities that affect ArcGIS 10.1 SP1 for Server and ArcGIS 10.2 for Server. Esri recommends that customers download and apply the appropriate patch.
ArcGIS 10.1 SP1 for Server Security (September 2013) Patch
ArcGIS 10.2 for Server Security (September 2013) Patch
For those that cannot apply these security patches, the Mobile Content Server can be removed from the product. The Mobile Content Server is not commonly used.
【Created and Modified Dates】
Created: 8/2/2013
Last Modified: 9/17/2013
【Original Link】
http://support.esri.com/en/kno ... 41468