English

Problem: Security vulnerability in ArcGIS Server 10 Image Service file resource

Description

Publishing an ArcGIS Server 10 Image Service that uses a Mosaic Dataset can expose a security vulnerability.

Cause

This vulnerability is in ArcGIS Server 10 Image Services that use a Mosaic Dataset.

Solution or Workaround

Download and apply the ArcGIS 10.0 SP2 (Server) Image Service file resource security Patch to resolve this security vulnerability.

If this patch cannot be installed, disable Image Service Download capability. The instructions provided below describe how to disable the Image Service Download capability.

1. Verify that ArcGIS Server service pack 10.0 SP1 or higher is installed.

2. Make an administrative connection to ArcGIS Server using ArcCatalog or ArcGIS Server Manager.

3. Stop the image service that is using a mosaic dataset.

4. In Service Properties, under the Capabilities tab, uncheck the option "Download".

5. Save the settings and restart the Service

6. Repeat the steps 2-5 for all image services with Mosaic Datasets that have the Download capability enabled.

7. Login to the REST API administrator and clear the REST cache.