laptop and a wrench

Bug

Portal for ArcGIS accepts HTTP 'PUT' and 'DELETE' requests, which can be considered as a security issue.

Last Published: March 6, 2015 ArcGIS for Server
Bug ID Number BUG-000085502
SubmittedFebruary 20, 2015
Last ModifiedFebruary 15, 2023
SeverityMedium
Applies toArcGIS for Server
Version found10.2
Operating SystemWindows OS
Operating System Version2008 R2 64 Bit
StatusKnown Limit

Additional Information

This issue is addressed in Portal version 10.2.1 and later.

Workaround

As documented, access Portal for ArcGIS via the web adaptor. In the case of IIS, the verbs 'put' and 'delete' are disabled by default, thus remediating this issue.

Steps to Reproduce

Bug ID: BUG-000085502

Software:

  • ArcGIS for Server

Get help from ArcGIS experts

Contact technical support

Download the Esri Support App

Go to download options

Discover more on this topic