laptop and a wrench


Improper neutralization of CRLF (Carriage Return Line Feed) sequences in HTTP Headers (HTTP response splitting) allow for ArcIMS to set an arbitrary cookie.

Last Published: September 15, 2014 ArcIMS
Bug ID Number BUG-000081091
SubmittedSeptember 4, 2014
Last ModifiedJune 5, 2024
Applies toArcIMS
Version found10.0
Operating SystemWindows OS
Operating System Version7
StatusWill Not Be Addressed

Additional Information

ArcIMS is at end of life.

Steps to Reproduce

Bug ID: BUG-000081091


  • ArcIMS

Get notified when the status of a bug changes

Download the Esri Support App

Discover more on this topic

Get help from ArcGIS experts

Contact technical support

Download the Esri Support App

Go to download options