Community

Security Issue in ArcGIS Server

2409
15
05-14-2018 10:59 AM
ElizabethDonahue
by
New Contributor III
‎05-14-2018 10:59 AM

I received an email from ESRI regarding security issue in ArcGIS server. We are currently using Server 10.1 SP1. Is our version affected by this issue?

Tags (1)
0 Kudos
15 Replies
DaveTenney
by
Occasional Contributor III
‎05-15-2018 11:52 AM

All,

  does anyone know what this patch is doing?

it just seems a bit vague and im going to have to explain why i want to install a patch in a live production environment.

thanks

Dave

0 Kudos
RandallWilliams
by Esri Regular Contributor
Esri Regular Contributor
‎05-15-2018 12:37 PM

The patch addresses a critical vulnerability in ArcGIS Server causing improper access control validation when specially crafted requests are sent to the server. This results in secured services and their data to be exposed to users when they should not otherwise have access.

0 Kudos
MichaelVolz
by
Esteemed Contributor
‎05-17-2018 05:49 AM

Does this patch need to be applied to all components of the enterprise deployment or just the base ArcGIS for Server server(s)?  For instance does it also need to be applied to a server dedicated to Image Server or a server dedicated to GeoEvent services?

0 Kudos
RandallWilliams
by Esri Regular Contributor
Esri Regular Contributor
‎05-17-2018 05:55 AM

This patch should be applied to all instances of ArcGIS Server, regardless of role.

0 Kudos
DarwinQuispe
by
New Contributor II
‎05-17-2018 03:57 PM

I've installed this patch now I'm getting a continous "stopping" state.

0 Kudos
George_Thompson
by Esri Frequent Contributor
Esri Frequent Contributor
‎05-18-2018 03:43 AM

I would recommend opening a technical support case to have the team investigate this in more detail.

--- George T.