laptop and a wrench

Bug

The ArcGIS Server Simple Object Access Protocol (SOAP) endpoint, ‘http(s)://:/arcgis/services’, does not appear to have any application driven error handling and may be vulnerable to string injection and brute force attacks. Below is a link to the Vulnerability Score (CVSS): CVSS 3.3 (of 10): Low Risk Vulnerability https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L/E:U/RL:W/RC:U

Last Published: June 28, 2016 ArcGIS for Server
Bug ID Number BUG-000091164
SubmittedOctober 2, 2015
Last ModifiedJuly 28, 2020
SeverityMedium
Applies toArcGIS for Server
Version found10.3.1
Operating SystemWindows
Operating System Version2008 R2 64 Bit
StatusNon-Reproducible

Additional Information

Unable to reproduce the vulnerability outlined in this bug.

Steps to Reproduce

Bug ID: BUG-000091164

Software:

  • ArcGIS for Server

Get help from ArcGIS experts

Contact technical support

Download the Esri Support App

Go to download options

Discover more on this topic

Esri Community

Search for related information

Training

Find training related to this topic

ArcGIS Ideas

Explore ideas and give feedback