ArcGIS Server 10.8.1 and port 8081 running Apache Spark 2.4.4?

861
3
08-16-2021 08:44 AM
Jay_Gregory
Regular Contributor

I am running ArcGIS Server 10.8.1 on a local server (WS 2016), and have noticed Apache Spark running on port 8081 (http).  Our security scan picked it up because there is an older version of JQuery bundled with whatever site is on that port.  We opened a case with tech support, who claimed it had nothing to do with Esri because ArcGIS Server does not use port 8081 (it is certainly not listed in the documentation).  However, if I turn off ArcGIS Server service in windows service manager, the 8081 Apache Spark site goes down, so I assume it has something to do with ArcGIS Server (as the accessibility of the site is tied to whether ArcGIS Server service is running or not)

There is no other Esri software installed on that server.  Our security configuration for server is https only, tls1.1 and 1.2, and HSTS enabled.  Can anyone shed any light on this - I can find nothing in the documentation about Apache Spark or port 8081 being used with ArcGIS Server.  

 

Thanks!

I am running ArcGIS Server 10.6.1 on different servers and do not see this issue there.  

0 Kudos
3 Replies
Jay_Gregory
Regular Contributor

The bundled jquery version is 1.12.4 and anything below 3.5.0 is susceptible to XSS attacks.  Installing security patches did not fix the issue...

Apparently the version of jquery triggering a vulnerability to our security scan is contained in 

C:\Program Files\ArcGIS\Server\framework\runtime\spark\jars\spark-core_2.11-2.4.4.jar

C:\Program Files\ArcGIS\Server\framework\lib\shared\hadoop-yarn-common-2.7.3.jar  

C:\Program Files\ArcGIS\Server\framework\lib\shared\scala-compiler-2.11.12.jar 

C:\Program Files\ArcGIS\Server\framework\lib\shared\spark-core_2.11-2.4.4.jar

C:\Program Files\ArcGIS\Server\framework\runtime\spark\jars\Hadoop-yarn-common-2.9.2.jar

C:\Program Files\ArcGIS\Server\framework\runtime\spark\jars\scala-compiler-2.11.12.jar

0 Kudos
AngusHooper1
Occasional Contributor II

Interestingly I cannot find anything listening on 8081 within our 10.8.1 Enterprise.

As outlined in the microsoft doco, there is a bunch of best practise you can use to mitigate this risk. https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/best-practices-.... Ensure your security review considers mitigating mechanisms and is not clear-cut with compliant/non-compliant. 

As a FYI, I would recommend you install the ArcGIS software to the D drive and leave C to the OS. E drive can then store the site information (e.g. arcgis server directories).

0 Kudos
JonathanQuinn
Esri Frequent Contributor

Do you have GeoAnalytics configured? I think it is related to GeoAnalytics and is the Spark UI. I'd reach back out to Tech Support and have them test on their own environment with GeoAnalytics.