Community

vipulsoni
Regular Contributor
since ‎07-04-2014
18 Badges Earned
Kudos Given Kudos
View All Badges Earned
4 weeks ago
117 Posts created
25 Kudos given
1 Solutions
7 Kudos received
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

My Ideas

(0 Idea Submissions)

Latest Contributions by vipulsoni

POST

ESRI Enterprise Vulnerability for Tomcat - CVE-2026-29146

Greetings All, we have received multiple alerts from Cybersecurity Team for the - CVE-2026-29146, tomcat software present in almost all the Esri Enterprise Products. 11.3 and 11.5 installations of ArcGIS Server and ArcGIS Portal, ArcGIS Data Store. I am unable to find any ESRI Patch or Document stating the vulnerability mitigation patch or the affect of this vulnerability to ESRI Enterprise Software Suite.   SoftwareName SoftwareVersion CveId EvidencePaths tomcat 9.0.84.0 CVE-2026-29146 ["c:\\program files\\arcgis\\server\\framework\\runtime\\tomcat\\bin\\tomcat-juli.jar"] tomcat 9.0.84.0 CVE-2026-29146 ["c:\\program files\\arcgis\\datastore\\framework\\runtime\\tomcat\\bin\\tomcat-juli.jar","c:\\program files\\arcgis\\portal\\framework\\runtime\\tomcat\\bin\\tomcat-juli.jar","c:\\program files\\arcgis\\server\\framework\\runtime\\tomcat\\bin\\tomcat-juli.jar"] tomcat 10.1.34.0 CVE-2026-29146 ["c:\\program files\\arcgis\\server\\framework\\runtime\\tomcat\\bin\\tomcat-juli.jar"] tomcat 10.1.34.0 CVE-2026-29146 ["c:\\program files\\arcgis\\server\\framework\\runtime\\tomcat\\bin\\tomcat-juli.jar"] tomcat 10.1.34.0 CVE-2026-29146 ["c:\\program files\\arcgis\\server\\framework\\runtime\\tomcat\\bin\\tomcat-juli.jar"] tomcat 10.1.34.0 CVE-2026-29146 ["c:\\program files\\arcgis\\server\\framework\\runtime\\tomcat\\bin\\tomcat-juli.jar"] tomcat 9.0.84.0 CVE-2026-29146 ["c:\\program files\\arcgis\\datastore\\framework\\runtime\\tomcat\\bin\\tomcat-juli.jar","c:\\program files\\arcgis\\server\\framework\\runtime\\tomcat\\bin\\tomcat-juli.jar"] tomcat 9.0.62.0 CVE-2026-29146 ["c:\\program files\\arcgis\\datastore\\framework\\runtime\\tomcat\\bin\\tomcat-juli.jar","c:\\program files\\arcgis\\server\\framework\\runtime\\tomcat\\bin\\tomcat-juli.jar"] ... View more
ArcGIS Enterprise Questions
‎04-28-2026 10:52 PM
0
0
431
POST

Multiple Vulnerabilities in embedded Apache Tomcat - ArcGIS Server and Portal. CVE-2025-55668, CVE-2025-48989

Hi, We have ArcGIS Server 11.5 and ArcGIS Portal 11.3 in production environment with the below highlighted vulnerabilities by our organization Cyber Security Team. please need advice for the same, since i have not been able to find any patches or documents which addresses the exact same vulnerabilities for the specific ArcGIS Enterprise Versions. --------------------------------------------------------------------------------------------------------------------------- This advisory addresses Apache Tomcat security updates addressing two major vulnerabilities, impacting several supported versions of its open-source application server. These vulnerabilities could be exploited to carry out session fixation attacks or trigger denial-of-service (DoS) using the MadeYouReset method in HTTP/2. CVE-2025-55668 - Session Fixation via Rewrite Valve 6.5 Medium Apache Tomcat's rewrite valve mechanism contains a session fixation flaw, which could let attackers assign a session ID to a user before they log in, potentially enabling session hijacking. CVE-2025-48989 - Denial-of-Service via MadeYouReset HTTP/2 Technique 7.5 High Apache Tomcat is susceptible to the MadeYouReset attack, which exploits the HTTP/2 protocol by mishandling stream resets, leading to resource exhaustion. ... View more
ArcGIS Enterprise Questions
‎08-20-2025 01:43 AM
0
1
1744
POST

Re: Blank Map Viewer for All Web Maps After ArcGIS Enterprise 11.5 Upgrade

Hi @jorgevalle56gex , I have noted the patch released for addressing the bug - https://support.esri.com/en-us/patches-updates/2025/portal-for-arcgis-11-5-web-applications-patch?trk=public_post_comment-text please can you share your feedback , if you have applied this patch. Thanks, ... View more
ArcGIS Enterprise Portal Questions
‎08-13-2025 02:51 AM
1
0
1710
POST

Re: ARCGIS SERVER embedded APACHE TOMCAT Server - Critical Remote Code Execution Vulnerability

Tomcat can be separately downloaded from APACHE and can be updated in the ArcGIS Server installation directory, but this is not at all recommended from ESRI. it might lead system instability issues. https://community.esri.com/t5/arcgis-enterprise-questions/apache-tomcat-vulnerability-cve-2024-50379/m-p/1570749/highlight/true#M41280 ... View more
ArcGIS Enterprise Questions
‎01-16-2025 12:36 AM
0
1
3871
POST

Re: ArcGIS Pro failed to connect to ArcGIS Portal 11.4

Try opening the same link on the web browser of that computer with ArcGIS Pro installed, if you are able to access the Portal URL via the browser then it should open in ArcGIS Pro as well. Option 1 - you might need to check if the URL is correct in structure as per ArcGIS pro requirement. Option 2 - check if any Network Ports might be blocked. ... View more
ArcGIS Enterprise Questions
‎01-14-2025 08:35 PM
0
1
1789
POST

Re: ArcGIS Pro failed to connect to the license manager

There seems to be some other port required by ArcGIS pro which is blocked on the Server Machine Firewall, you might need help from IT Network Team to scan the port pinged by ArcGIS Pro and unblock that specific port on the Server Machine Firewall. ... View more
ArcGIS Enterprise Questions
‎01-14-2025 08:30 PM
0
0
2289
POST

Re: Does Apache Tomcat come embedded with ArcGIS Enterprise Installation?

Hi @JoshuaBixby , As per Apache Tomcat (https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r) it seems the ArcGIS Enterprise 11.4.0 is also having Vulnerable Version of embedded Tomcat installed. There are no patches from ESRI yet for this issue. ... View more
ArcGIS Enterprise Questions
‎01-14-2025 08:27 PM
0
3
1671
POST

ARCGIS SERVER embedded APACHE TOMCAT Server - Critical Remote Code Execution Vulnerability

Hi, We have ARCGIS Server 11.3 deployed in Production environment and recently the Cybersecurity Department flagged a vulnerability presence. Vulnerability Details -  CVE-2024-56337: Apache Tomcat Patches Critical Remote Code Execution Vulnerability (Update Apache Tomcat )- The vulnerability stems from an incomplete mitigation of previous vulnerability (CVE-2024-50379). The flaw is exploitable on case-insensitive file systems where Tomcat’s default servlet has write functionality enabled. By manipulating specific paths, attackers can bypass security measures and upload malicious JSP files, leading to remote code execution. Exploitation of this vulnerability enables attackers to execute arbitrary code on the affected server, potentially granting them complete control over the system. Installed Version - Apache Tomcat - 9.0.84.0 (ArcGIS 11.3) (Affected Version). Product Affected Versions  Apache Tomcat 11.0.0-M1 to 11.0.1 10.1.0-M1 to 10.1.33 9.0.0.M1 to 9.0.97 Fixed Tomcat Versions - 11.0.2 or later 10.1.34 or later 9.0.98 or later Similar Post (but without any solution) -  https://community.esri.com/t5/arcgis-enterprise-questions/does-apache-tomcat-come-embedded-with-arcgis/td-p/1078440/page/2 We planned to fix this but came to understand from the above Post that even if try upgrading the Production Environment to ArcGIS Enterprise 11.4 the Apache Tomcat Version Embedded comes with vulnerable version -  Apache Tomcat -9.0.93. This issue of Apache Tomcat needs a Patch from ESRI for the  ArcGIS Enterprise 11.3 and 11.4 versions as well. ... View more
ArcGIS Enterprise Questions
‎01-14-2025 08:23 PM
0
7
4004
POST

Re: error when generating tokens for ArcGIS Server 10.8.1 (HA)

hi @SaurabhUpadhyaya , I would suggest, take a VM Snapshot backup of the server image of the secondary server and test the Solution 1 from ESRI Support. ... View more
High Availability and Disaster Recovery Questions
‎07-31-2024 03:03 AM
0
0
3024
POST

Re: ArcGIS Server Upgrade Problem

Hi , I would suggest you to check the logs at - C:\Program Files\ArcGIS\Server\framework\runtime\tomcat\logs. There are cases were the internal signed ssl doesnt work with tomcat as intended and the web page for post upgrade doesnt load. ... View more
ArcGIS Enterprise Questions
‎07-31-2024 01:35 AM
0
1
5088
POST

Re: Just Upgraded to 11.3 and now 'OpenJDK Platform Binary' is using almost all my memory

Yes, 11.3 has this running from the ArcGIS Portal file folders along with the Tomcat webserver. C:\Program Files\ArcGIS\Portal\framework\runtime\jre\bin ... View more
ArcGIS Enterprise Questions
‎07-31-2024 01:10 AM
0
0
15231
POST

Re: Unable to configure the ArcGIS Server site with the web adaptor (IIS) (11.3)

The ArcGIS 11.3 will work with the latest web adaptor, try once entering the same old password in the WebAdaptor 11.3 to add the GIS Server (its sounds crazy but somehow the old user password combination is saved somewhere which the new web adaptor needs).  ... View more
ArcGIS Enterprise Questions
‎07-31-2024 01:05 AM
1
1
2894
POST

Re: error when generating tokens for ArcGIS Server 10.8.1 (HA)

Hi, Check this out , this might help your case - Shared Key (from ArcGIS Server online guides) https://enterprise.arcgis.com/en/server/latest/install/windows/single-machine-high-availability-active-active-deployment.htm Using token-based security If using token-based authentication, also referred to as server-tier authentication, it is important that all sites in this configuration use exactly the same shared token key. Otherwise, tokens generated for one machine will not be valid when used against the other machine. To duplicate the shared token keys across multiple sites, you can edit token settings in Manager. Edit token settings in Manager   ... View more
High Availability and Disaster Recovery Questions
‎07-31-2024 12:51 AM
0
0
3044
POST

Re: Upgrade of ArcGIS Server 10.9.1 to 11.2 fails

Hi @Brian_Wilson , Thanks for this post and the solution posted, last weekend during the upgrade of ArcGIS Portal Server (federated), unfortunately we also faced a similar situation. The ArcGIS Server webpage for post installation did not load. Upon investigation and searching the Esri community forums I landed upon your post. Started to try fixing by searching the logs as you mentioned. I did not have the IT guys to help me since they were busy with scheduled work, instead I copied SSL files from another ArcGIS server (different hostname) and updated the Tomcat Server.xml and restarted the ArcGIS Server service and then tried opening the URL of the Manager. it loaded up and automatically started the Post Install Upgrade process. The Post install upgrade completed successfully but then the ArcGIS Manager interface was behaving weird due to the copied ssl (i believe). then, I opened the ArcGIS Admin page and updated the Machine > SSL with the CA Signed SSL .PFX File (replacing self-signed ssl) and restarted ArcGIS Server Service which then loaded the Manager and all was Ok. Many Thanks to you and your solution post. ... View more
ArcGIS Enterprise Questions
‎07-29-2024 12:11 AM
1
0
1527
POST

Re: The server is not ready for publishing

We faced similar issue, then restarted the publishing tools and publishing tools ex map service and then tried publishing but it didn't work. after that restarted the arc map and then the publishing work smoothly. ArcMap 10.8 and ArcGIS Server 10.8.1. ... View more
ArcGIS Enterprise Questions
‎04-15-2021 01:19 AM
1
1
4971
Activity Feed
Contact Me
Online Status
Offline
Date Last Visited
4 weeks ago