Select to view content in your preferred language

ArcGIS Server 11.0 Directory Traversal Vulnerability Patch

4315
9
Jump to solution
10-07-2022 05:52 AM
DavidColey
Honored Contributor

Hello - I just applied the ArcGIS Server 11.0 Directory Traversal Vulnerability Patch

https://support.esri.com/en/Products/Enterprise/arcgis-server/ArcGIS-Server/11#downloads?id=8063

On my (2 machine Windows Server 2016) 11.0 hosting site servers.

And now I am seeing hundreds and hundreds of SEVERE and WARNING level log errors pertaining to webhooks, yet I have no webhooks set up yet against any of the hosted feature layers:

WARNING Webhook log: FS Webhook processor init failed Connecting to queue : FS_Raw_Events_Queue failed.

SEVERE Webhook log: init WebhookProcessors failed. FS Webhook processor init failed.

WARNING Webhook log: Error in initializing webhook processor. init WebhookProcessors failed.

Has anyone else seen this?

@JonathanQuinn 

@JonEmch 

 
1 Solution

Accepted Solutions
DavidColey
Honored Contributor

Hello @KevinHibma  - I was able to resolve this:

Restart arcgis server exe processes - no effect

Restart both windows servers - no effect

Uninstall patch - no effect

Reinstall patch - no effect

Then I decided to check the configuration of the webhook processes json in the 

....\config-store\system\webhookprocessors-config directory where I saw that this file uses a url connection to the datastore

"jdbcUrl":"jdbc:postgresql://DATASTOREMACHINE.BCC.SCGOV.LOCAL:9876/webhooks"

I checked that my port 9876 was open and unrestricted vis system resources and it is.

Regardless, I went ahead and with a restart of the:

ArcGIS Data Store service - log entries stopped.  No more errors. 

So basically a restart of the datastore service resolved some type of communication issue that may or may not have been coincidental with an ArcGIS Server service restart for any reason, not just application of this patch.

So I consider this resolved on my end at least for now.

@JonEmch 

View solution in original post

9 Replies
DavidColey
Honored Contributor

UPDATE

In our environment, the federated site registered with our enterprise is still at release 10.9.1.  I did apply the  

ArcGIS Server Security 2022 Update 2 Patch

https://support.esri.com/en/Products/Enterprise/arcgis-server/ArcGIS-Server/10-9-1#downloads?id=8064

which does contain a fix for the same issue - Directory traversal vulnerability in ArcGIS Server - 

This patch application is not generating any of the 3 unique log entries noted above.

 

 

KevinHibma
Esri Regular Contributor

Hi @DavidColey 

I don't have much knowledge of that particular patch, but I'm doubtful that it caused the problem.

The message is indicating that GIS Server is failing to connect to the required components for webhooks. Are you able to restart the GIS Server? A restart will sometimes fix this problem.

Is there any chance the problem was there before you applied the patch and you didn't notice the logs? If so, we'd need to figure out what might be in the way of the connection. (closed ports perhaps)

0 Kudos
DavidColey
Honored Contributor

Hello @KevinHibma - thanks for the reply.  Yes, a restart is something I would do after hours and will see if that helps. 

I use ArcGIS Monitor, so it is not possible that I would not notice the log:

ID

Category

Last Alert

Collection

Level

Status

H:M

Count

Groups

Counter Name

Rule

Counter Instance

Name

Comments

Counter Type

Int(min)

1

 ArcGIS

10/07/2022 11:41 AM

Production

 Warning

 Open

17:44

72

1

Log-WARNING

> 0 

Summary

ArcGIS Host

ArcGIS Errors

 ArcGIS

15

2

 ArcGIS

10/07/2022 11:41 AM

Production

 Warning

 Open

17:44

72

1

Log-SEVERE

> 0 

Summary

ArcGIS Host

ArcGIS Errors

 ArcGIS

15

 

As you can see, these 2 logs have been open for 17 hours and the error keeps rolling along.  So far, there is no impact to performance (cpu or memory) but it is hassle to find my real Severe and Warning level errors contained within.

0 Kudos
KevinHibma
Esri Regular Contributor

Thanks. That's sort of good news / bad news. I'm still skeptical the patch has caused the issue, but if you've only had the errors since applying the patch, it's now a question of how the communication was interrupted. I'll talk to a couple of colleagues and see if it's reproducible. 

Unfortunately, you'll see the messages once a minute as Server attempts to re-establish the connection. Please respond back with the result of restarting Server.

0 Kudos
DavidColey
Honored Contributor

Sure - but: "I'm still skeptical the patch has caused the issue".  Well, the error log entries began moments after the patches were applied to the 2-machine host site cluster.  So if not the patch, then what? 

No one else could have attempted to create any type of the new (beta) webhook capabilities in portal at release 11, and I have not.  

If a restart does not address the log error entries, I may uninstall the patch updates and see if the errors continue.

0 Kudos
JonEmch
Esri Regular Contributor

Hey there David,

   Thank you for tagging me in this. Let me do some research on this and I will follow up.

Keep on keeping on!
DavidColey
Honored Contributor

Hello @KevinHibma  - I was able to resolve this:

Restart arcgis server exe processes - no effect

Restart both windows servers - no effect

Uninstall patch - no effect

Reinstall patch - no effect

Then I decided to check the configuration of the webhook processes json in the 

....\config-store\system\webhookprocessors-config directory where I saw that this file uses a url connection to the datastore

"jdbcUrl":"jdbc:postgresql://DATASTOREMACHINE.BCC.SCGOV.LOCAL:9876/webhooks"

I checked that my port 9876 was open and unrestricted vis system resources and it is.

Regardless, I went ahead and with a restart of the:

ArcGIS Data Store service - log entries stopped.  No more errors. 

So basically a restart of the datastore service resolved some type of communication issue that may or may not have been coincidental with an ArcGIS Server service restart for any reason, not just application of this patch.

So I consider this resolved on my end at least for now.

@JonEmch 

MDekkers
Occasional Contributor

We have recently seen this error message in some environments that had been upgraded to ArcGIS Enterprise 11. After some research it appeared that the firewall rules on the ArcGIS DataStore machine hadn't been update with the newly required ports (25672, 44369, 45671) for the added webhook functionality in ArcGIS Enterprise 11.
See these links for more information:
https://enterprise.arcgis.com/en/data-store/latest/install/windows/ports-used-by-arcgis-data-store.h...
https://enterprise.arcgis.com/en/portal/latest/administer/windows/about-arcgis-webhooks.htm 

Thomas_Z2
Regular Contributor

We experienced the same issue after we changed the PSA (primary site administrator) password.

Re-registering the ArcGIS Data Stores solved the problem for us.

It may be somehow related with the warning "Failed to log in. Invalid username 'siteadmin' or password specified." in our log files (or it solved by chance solved both issues). We were following this tutorial from Esri's technical support here.

0 Kudos