laptop and a wrench

Bug

The ArcGIS Server Simple Object Access Protocol (SOAP) endpoint, ‘http(s)://:/arcgis/services’, does not appear to have any application driven error handling and may be vulnerable to string injection and brute force attacks. Below is a link to the Vulnerability Score (CVSS): CVSS 3.3 (of 10): Low Risk Vulnerability https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L/E:U/RL:W/RC:U

Last Published: June 28, 2016 ArcGIS for Server
Bug ID Number BUG-000091164
SubmittedOctober 2, 2015
Last ModifiedJune 5, 2024
Applies toArcGIS for Server
Version found10.3.1
Operating SystemWindows OS
Operating System Version2008 R2 64 Bit
StatusNon-Reproducible

Additional Information

Unable to reproduce the vulnerability outlined in this bug.

Steps to Reproduce

Bug ID: BUG-000091164

Software:

  • ArcGIS for Server

Get notified when the status of a bug changes

Download the Esri Support App

Discover more on this topic

Get help from ArcGIS experts

Contact technical support

Download the Esri Support App

Go to download options