Bug
Prevent a directory traversal malicious attack in ArcGIS GeoEvent Manager.
| Bug ID Number | BUG-000174297 |
|---|---|
| Submitted | February 12, 2025 |
| Last Modified | April 24, 2025 |
| Applies to | ArcGIS GIS Server |
| Version found | N/A |
| Operating System | N/A |
| Operating System Version | N/A |
| Version Fixed | 11.2, 11.3, 11.4, 11.5+ |
| Status | Fixed |
Additional Information
This issue is addressed in ArcGIS GeoEvent Server versions 11.2 Patch 1, 11.3 Patch 1, and 11.4 Patch 1, and is included in version 11.5.Workaround
Use a Web Application Firewall (WAF) or web server URL re-write rules to disallow common patterns such as ../../ and other URL encoded patterns.
Steps to Reproduce
Bug ID: BUG-000174297
Software:
- ArcGIS GIS Server
Get notified when the status of a bug changes
Discover more on this topic
Search for related information
Find training related to this topic
Explore ideas and give feedback
Get help from ArcGIS experts
Download the Esri Support App