Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Cancel
- Home
- :
- About vipulsoni
vipulsoni
Regular Contributor
since
07-04-2014
08-25-2025
116
Posts created
25
Kudos given
1
Solutions
7
Kudos received
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
My Ideas
(0 Idea Submissions)Latest Contributions by vipulsoni
|
POST
|
Hi, We have ArcGIS Server 11.5 and ArcGIS Portal 11.3 in production environment with the below highlighted vulnerabilities by our organization Cyber Security Team. please need advice for the same, since i have not been able to find any patches or documents which addresses the exact same vulnerabilities for the specific ArcGIS Enterprise Versions. --------------------------------------------------------------------------------------------------------------------------- This advisory addresses Apache Tomcat security updates addressing two major vulnerabilities, impacting several supported versions of its open-source application server. These vulnerabilities could be exploited to carry out session fixation attacks or trigger denial-of-service (DoS) using the MadeYouReset method in HTTP/2. CVE-2025-55668 - Session Fixation via Rewrite Valve 6.5 Medium Apache Tomcat's rewrite valve mechanism contains a session fixation flaw, which could let attackers assign a session ID to a user before they log in, potentially enabling session hijacking. CVE-2025-48989 - Denial-of-Service via MadeYouReset HTTP/2 Technique 7.5 High Apache Tomcat is susceptible to the MadeYouReset attack, which exploits the HTTP/2 protocol by mishandling stream resets, leading to resource exhaustion.
... View more
08-20-2025
01:43 AM
|
0
|
1
|
1053
|
|
POST
|
Hi @jorgevalle56gex , I have noted the patch released for addressing the bug - https://support.esri.com/en-us/patches-updates/2025/portal-for-arcgis-11-5-web-applications-patch?trk=public_post_comment-text please can you share your feedback , if you have applied this patch. Thanks,
... View more
08-13-2025
02:51 AM
|
1
|
0
|
900
|
|
POST
|
Tomcat can be separately downloaded from APACHE and can be updated in the ArcGIS Server installation directory, but this is not at all recommended from ESRI. it might lead system instability issues. https://community.esri.com/t5/arcgis-enterprise-questions/apache-tomcat-vulnerability-cve-2024-50379/m-p/1570749/highlight/true#M41280
... View more
01-16-2025
12:36 AM
|
0
|
1
|
2603
|
|
POST
|
Try opening the same link on the web browser of that computer with ArcGIS Pro installed, if you are able to access the Portal URL via the browser then it should open in ArcGIS Pro as well. Option 1 - you might need to check if the URL is correct in structure as per ArcGIS pro requirement. Option 2 - check if any Network Ports might be blocked.
... View more
01-14-2025
08:35 PM
|
0
|
1
|
1070
|
|
POST
|
There seems to be some other port required by ArcGIS pro which is blocked on the Server Machine Firewall, you might need help from IT Network Team to scan the port pinged by ArcGIS Pro and unblock that specific port on the Server Machine Firewall.
... View more
01-14-2025
08:30 PM
|
0
|
0
|
1367
|
|
POST
|
Hi @JoshuaBixby , As per Apache Tomcat (https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r) it seems the ArcGIS Enterprise 11.4.0 is also having Vulnerable Version of embedded Tomcat installed. There are no patches from ESRI yet for this issue.
... View more
01-14-2025
08:27 PM
|
0
|
3
|
1119
|
|
POST
|
Hi, We have ARCGIS Server 11.3 deployed in Production environment and recently the Cybersecurity Department flagged a vulnerability presence. Vulnerability Details - CVE-2024-56337: Apache Tomcat Patches Critical Remote Code Execution Vulnerability (Update Apache Tomcat )- The vulnerability stems from an incomplete mitigation of previous vulnerability (CVE-2024-50379). The flaw is exploitable on case-insensitive file systems where Tomcat’s default servlet has write functionality enabled. By manipulating specific paths, attackers can bypass security measures and upload malicious JSP files, leading to remote code execution. Exploitation of this vulnerability enables attackers to execute arbitrary code on the affected server, potentially granting them complete control over the system. Installed Version - Apache Tomcat - 9.0.84.0 (ArcGIS 11.3) (Affected Version). Product Affected Versions Apache Tomcat 11.0.0-M1 to 11.0.1 10.1.0-M1 to 10.1.33 9.0.0.M1 to 9.0.97 Fixed Tomcat Versions - 11.0.2 or later 10.1.34 or later 9.0.98 or later Similar Post (but without any solution) - https://community.esri.com/t5/arcgis-enterprise-questions/does-apache-tomcat-come-embedded-with-arcgis/td-p/1078440/page/2 We planned to fix this but came to understand from the above Post that even if try upgrading the Production Environment to ArcGIS Enterprise 11.4 the Apache Tomcat Version Embedded comes with vulnerable version - Apache Tomcat -9.0.93. This issue of Apache Tomcat needs a Patch from ESRI for the ArcGIS Enterprise 11.3 and 11.4 versions as well.
... View more
01-14-2025
08:23 PM
|
0
|
7
|
2736
|
|
POST
|
hi @SaurabhUpadhyaya , I would suggest, take a VM Snapshot backup of the server image of the secondary server and test the Solution 1 from ESRI Support.
... View more
07-31-2024
03:03 AM
|
0
|
0
|
2416
|
|
POST
|
Hi , I would suggest you to check the logs at - C:\Program Files\ArcGIS\Server\framework\runtime\tomcat\logs. There are cases were the internal signed ssl doesnt work with tomcat as intended and the web page for post upgrade doesnt load.
... View more
07-31-2024
01:35 AM
|
0
|
1
|
3469
|
|
POST
|
Yes, 11.3 has this running from the ArcGIS Portal file folders along with the Tomcat webserver. C:\Program Files\ArcGIS\Portal\framework\runtime\jre\bin
... View more
07-31-2024
01:10 AM
|
0
|
0
|
9708
|
|
POST
|
The ArcGIS 11.3 will work with the latest web adaptor, try once entering the same old password in the WebAdaptor 11.3 to add the GIS Server (its sounds crazy but somehow the old user password combination is saved somewhere which the new web adaptor needs).
... View more
07-31-2024
01:05 AM
|
1
|
1
|
1813
|
|
POST
|
Hi, Check this out , this might help your case - Shared Key (from ArcGIS Server online guides) https://enterprise.arcgis.com/en/server/latest/install/windows/single-machine-high-availability-active-active-deployment.htm Using token-based security If using token-based authentication, also referred to as server-tier authentication, it is important that all sites in this configuration use exactly the same shared token key. Otherwise, tokens generated for one machine will not be valid when used against the other machine. To duplicate the shared token keys across multiple sites, you can edit token settings in Manager. Edit token settings in Manager
... View more
07-31-2024
12:51 AM
|
0
|
0
|
2436
|
|
POST
|
Hi @Brian_Wilson , Thanks for this post and the solution posted, last weekend during the upgrade of ArcGIS Portal Server (federated), unfortunately we also faced a similar situation. The ArcGIS Server webpage for post installation did not load. Upon investigation and searching the Esri community forums I landed upon your post. Started to try fixing by searching the logs as you mentioned. I did not have the IT guys to help me since they were busy with scheduled work, instead I copied SSL files from another ArcGIS server (different hostname) and updated the Tomcat Server.xml and restarted the ArcGIS Server service and then tried opening the URL of the Manager. it loaded up and automatically started the Post Install Upgrade process. The Post install upgrade completed successfully but then the ArcGIS Manager interface was behaving weird due to the copied ssl (i believe). then, I opened the ArcGIS Admin page and updated the Machine > SSL with the CA Signed SSL .PFX File (replacing self-signed ssl) and restarted ArcGIS Server Service which then loaded the Manager and all was Ok. Many Thanks to you and your solution post.
... View more
07-29-2024
12:11 AM
|
1
|
0
|
1222
|
|
POST
|
We faced similar issue, then restarted the publishing tools and publishing tools ex map service and then tried publishing but it didn't work. after that restarted the arc map and then the publishing work smoothly. ArcMap 10.8 and ArcGIS Server 10.8.1.
... View more
04-15-2021
01:19 AM
|
1
|
1
|
4219
|
|
POST
|
It seems to be a common and recurring problem with most Portal users. also same with our deployment. when fail to publish scene 3d layers , found that there are other issues listed in log.
... View more
10-02-2019
10:18 PM
|
0
|
0
|
4913
|
My kudoed posts
| Title | Kudos | Posted |
|---|---|---|
| 1 | 07-31-2024 01:05 AM | |
| 1 | 08-13-2025 02:51 AM | |
| 1 | 07-29-2024 12:11 AM | |
| 1 | 04-07-2019 11:33 AM | |
| 1 | 04-15-2021 01:19 AM |
Activity Feed
- Got a Kudo for Re: Unable to configure the ArcGIS Server site with the web adaptor (IIS) (11.3). 3 weeks ago
- Got a Kudo for Re: Blank Map Viewer for All Web Maps After ArcGIS Enterprise 11.5 Upgrade. 12-02-2025 02:16 PM
- Posted Multiple Vulnerabilities in embedded Apache Tomcat - ArcGIS Server and Portal. CVE-2025-55668, CVE-2025-48989 on ArcGIS Enterprise Questions. 08-20-2025 01:43 AM
- Posted Re: Blank Map Viewer for All Web Maps After ArcGIS Enterprise 11.5 Upgrade on ArcGIS Enterprise Portal Questions. 08-13-2025 02:51 AM
- Posted Re: ARCGIS SERVER embedded APACHE TOMCAT Server - Critical Remote Code Execution Vulnerability on ArcGIS Enterprise Questions. 01-16-2025 12:36 AM
- Kudoed Re: ArcGIS Server Manager Statistics Fails to Load for David_McRitchie. 01-14-2025 08:39 PM
- Posted Re: ArcGIS Pro failed to connect to ArcGIS Portal 11.4 on ArcGIS Enterprise Questions. 01-14-2025 08:35 PM
- Posted Re: ArcGIS Pro failed to connect to the license manager on ArcGIS Enterprise Questions. 01-14-2025 08:30 PM
- Posted Re: Does Apache Tomcat come embedded with ArcGIS Enterprise Installation? on ArcGIS Enterprise Questions. 01-14-2025 08:27 PM
- Posted ARCGIS SERVER embedded APACHE TOMCAT Server - Critical Remote Code Execution Vulnerability on ArcGIS Enterprise Questions. 01-14-2025 08:23 PM
- Got a Kudo for Re: Upgrade of ArcGIS Server 10.9.1 to 11.2 fails. 10-15-2024 12:52 AM
- Posted Re: error when generating tokens for ArcGIS Server 10.8.1 (HA) on High Availability and Disaster Recovery Questions. 07-31-2024 03:03 AM
- Posted Re: ArcGIS Server Upgrade Problem on ArcGIS Enterprise Questions. 07-31-2024 01:35 AM
- Posted Re: Just Upgraded to 11.3 and now 'OpenJDK Platform Binary' is using almost all my memory on ArcGIS Enterprise Questions. 07-31-2024 01:10 AM
- Posted Re: Unable to configure the ArcGIS Server site with the web adaptor (IIS) (11.3) on ArcGIS Enterprise Questions. 07-31-2024 01:05 AM
- Posted Re: error when generating tokens for ArcGIS Server 10.8.1 (HA) on High Availability and Disaster Recovery Questions. 07-31-2024 12:51 AM
- Posted Re: Upgrade of ArcGIS Server 10.9.1 to 11.2 fails on ArcGIS Enterprise Questions. 07-29-2024 12:11 AM
- Got a Kudo for Re: Upgrade step 2 of 2 : Failed. Refresh auto-deployed services during upgrade. 03-14-2022 09:37 AM
- Kudoed Re: The server is not ready for publishing for AndresCastillo. 06-28-2021 11:43 PM
- Got a Kudo for Re: The server is not ready for publishing. 04-15-2021 11:15 AM
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
08-25-2025
01:46 AM
|