I received an email from ESRI regarding security issue in ArcGIS server. We are currently using Server 10.1 SP1. Is our version affected by this issue?
All,
does anyone know what this patch is doing?
it just seems a bit vague and im going to have to explain why i want to install a patch in a live production environment.
thanks
Dave
The patch addresses a critical vulnerability in ArcGIS Server causing improper access control validation when specially crafted requests are sent to the server. This results in secured services and their data to be exposed to users when they should not otherwise have access.
Does this patch need to be applied to all components of the enterprise deployment or just the base ArcGIS for Server server(s)? For instance does it also need to be applied to a server dedicated to Image Server or a server dedicated to GeoEvent services?
This patch should be applied to all instances of ArcGIS Server, regardless of role.
I've installed this patch now I'm getting a continous "stopping" state.
I would recommend opening a technical support case to have the team investigate this in more detail.