POST
|
Hi Cort, I looked at Server at both 10.3.1 and 10.6.1 for this issue earlier. Most likely 10.5 has no installs of log4j v2 (which is where the current vulnerability lies). However it most likely has installs of log4j v1 which is now deprecated, and has bugs of its own (but not as severe). So the supplied patch won't do anything for your 10.5 install. I can only suggest following ESRI's advice in the blog re upgrades etc. Of course upgrading is often easier said than done, depending on your resources.
12-16-2021
07:43 PM
|
0
|
0
|
1329
|
POST
|
Hi Brian, I initially found the same problem as you when running the script against a 10.8.1 Server install on Windows. As a workaround I first manually backed up the listed 5 .jar files into separate subdirs to ensure I saved the right ones. I then modified the Py script by commenting out #backup(jar_path) at line 56. I then reran the script using CMD as administrator & it worked fine. I was probably just missing some permissions on my admin account or something. Thanks to ESRI for pushing out this script so quickly.
12-15-2021
04:40 PM
|
0
|
2
|
1317
|
POST
|
Good point about 10.3.1, thanks Erik. ArcGIS Servers (v.10.3.1) use log4j v1.2.12 which is however vulnerable to some much older but lesser issues - see https://logging.apache.org/log4j/1.2/. This has a threat score CVSS of 7.5 and this threat has been around for many years. There is no fix.
12-13-2021
03:22 PM
|
2
|
0
|
3206
|
POST
|
The utility available at GitHub - logpresso/CVE-2021-44228-Scanner: Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228 looks like a useful check.

Using the utility on ArcGIS Server 10.3.1 (Server only, no extensions) on Windows Server lists no vulnerabilities.

Using the utility on ArcGIS Server 10.6.1 (Server only, no extensions) on Windows Server lists the following issues:

```
C:\Users\bloggsj>D:\Temp\Utilities\log4j2-scan.exe "C:\Program Files\ArcGIS"
[*] Found CVE-2021-44228 vulnerability in C:\Program Files\ArcGIS\Server\framework\lib\shared\log4j-core-2.8.2.jar, log4j 2.8.2
[*] Found CVE-2021-44228 vulnerability in C:\Program Files\ArcGIS\Server\tools\configurebasedeployment\lib\log4j-core.jar, log4j 2.8.2
[*] Found CVE-2021-44228 vulnerability in C:\Program Files\ArcGIS\Server\tools\createsite\lib\log4j-core.jar, log4j 2.8.2
[*] Found CVE-2021-44228 vulnerability in C:\Program Files\ArcGIS\Server\tools\upgradebasedeployment\lib\log4j-core.jar, log4j 2.8.2
[*] Found CVE-2021-44228 vulnerability in C:\Program Files\ArcGIS\Server\tools\upgradeserver\lib\log4j-core.jar, log4j 2.8.2

Scanned 5264 directories and 45936 files
Found 5 vulnerable files
Completed in 22.24 seconds
```

Regards
John
12-13-2021
01:21 PM
|
2
|
0
|
3457
|
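Added example, not part of the post above and not the logpresso or Esri code: four of the five hits in that output are files named plain `log4j-core.jar`, so the version has to be read from inside the jar rather than from the file name. The sketch below reads the Maven `pom.properties` entry and checks whether `JndiLookup.class` is still present (removing that class is the mitigation Apache documented). It assumes anything below 2.15.0 should be flagged and does not distinguish the later backport releases for older Java lines or look inside nested archives.

```python
import os
import re
import sys
import zipfile

# Standard entries inside a log4j-core jar: Maven metadata and the JNDI lookup class.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Assumption of this example: flag everything below the first fixed release, 2.15.0.
FIXED_IN = (2, 15, 0)

def parse_version(text):
    """Return (major, minor, patch) from a string such as '2.8.2', or None."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def inspect_jar(path):
    """Return (version, has_jndi_lookup), or None if this is not a log4j-core jar."""
    try:
        with zipfile.ZipFile(path) as jar:
            names = set(jar.namelist())
            if POM_PROPS not in names:
                return None
            props = jar.read(POM_PROPS).decode("utf-8", "replace")
    except (zipfile.BadZipFile, OSError):
        return None  # corrupt or unreadable archive: nothing to report here
    m = re.search(r"^version\s*=\s*(\S+)", props, re.MULTILINE)
    return (m.group(1) if m else "unknown", JNDI_CLASS in names)

def scan(root):
    """Walk root and return sorted (path, version) pairs for jars to review."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            info = inspect_jar(path) if name.lower().endswith(".jar") else None
            if info is None:
                continue
            version, has_jndi = info
            parsed = parse_version(version)
            # An unparseable version is reported too, so it gets a manual look.
            if has_jndi and (parsed is None or parsed < FIXED_IN):
                hits.append((path, version))
    return sorted(hits)

if __name__ == "__main__":
    for path, version in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("log4j-core %s with JndiLookup present: %s" % (version, path))
```
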
POST
|
Excellent article that has "saved my bacon" twice now. First time was after Windows patching, and the second after a random Windows Server crash. In both cases this was with Server 10.3.1 and the config.xml was corrupted. In the second case the log file had the following message:

"SEVERE: Parse Fatal Error at line 1 column 1: Content is not allowed in prolog. org.xml.sax.SAXParseException; systemId: file:/C:/Program%20Files/ArcGIS/Server/framework/runtime/tomcat/conf/server.xml; lineNumber: 1; columnNumber: 1; Content is not allowed in prolog."

In this case, both config.xml and web.xml in the same folder were corrupted and stuffed with NUL characters. Replacing these files from another server and reconfiguring config.xml as stated solved the problem. Restarting the ArcGIS Server service then restored the system ok. Thanks for posting this article!
09-14-2021
03:53 PM
|
0
|
0
|
3662
|
DOC
|
Linking Search and eSearch widgets for Web Application Builder

This code sample provides a linkage of 2 widgets so that the results of an autocompleter search cause the "Enhanced Search" widget to be activated. This provides the user with extra information about the searched feature. (See example image below). Entering Lot 45 in the top search box offers a series of matching search results. Choosing one zooms to the search map location and opens the larger eSearch dialog (this is the 2nd widget).

This linkage concept is based on custom Flex coding developed by the NZ Local Government GeoSpatial Consortium in 2010 which is now superseded. The outline concept has been adopted & rewritten using JavaScript for ESRI WAB (v2.5). It unifies all search types, as searches for addresses, lot numbers, property owners, consent Ids etc are all executed by simply entering a few characters into the Search widget textbox.
07-04-2019
08:29 PM
|
1
|
0
|
1098
|
POST
|
Thanks to Matiss for solving this problem. A recent update of ArcGIS Online (June 2017) meant that an update was required in my code. I created a web app using Web App Builder in ArcGIS Online & exported code to a web server. I updated the file jimu.js\main.js as follows:

Immediately after the line:

```
console.log("jimu.js init...");
```

I inserted the line:

```
G.bundle.widgets.popup.NLS_noInfo = "<My popup message for no info>";
```

(No changes to the define list are now required)

See also Default API Strings | Guide | ArcGIS API for JavaScript 3.20 for some background.
07-02-2017
07:35 PM
|
1
|
0
|
1316
|