Bug
Portal for ArcGIS accepts HTTP 'PUT' and 'DELETE' requests, which can be considered as a security issue.
| Bug ID Number | BUG-000085502 |
|---|---|
| Submitted | February 20, 2015 |
| Last Modified | February 15, 2023 |
| Severity | Medium |
| Applies to | ArcGIS for Server |
| Version found | 10.2 |
| Operating System | Windows OS |
| Operating System Version | 2008 R2 64 Bit |
| Status | Known Limit |
Additional Information
This issue is addressed in Portal version 10.2.1 and later.Workaround
As documented, access Portal for ArcGIS via the web adaptor. In the case of IIS, the verbs 'put' and 'delete' are disabled by default, thus remediating this issue.Steps to Reproduce
Bug ID: BUG-000085502
Software:
- ArcGIS for Server
Get help from ArcGIS experts
Download the Esri Support App
Discover more on this topic
Search for related information
Find training related to this topic
Explore ideas and give feedback