漏洞
ArcGIS for Server redirects to the login page for a secured REST endpoint instead of resolving to the service by decrypting the supplied URL token.
| 漏洞 ID 编号 | BUG-000095330 |
|---|---|
| 已提交 | March 28, 2016 |
| 上次修改时间 | July 15, 2025 |
| 适用范围 | ArcGIS for Server |
| 找到的版本 | 10.3.1 |
| 操作系统 | Windows OS |
| 操作系统版本 | 2008 R2 64 Bit |
| 状态 | Non-Reproducible |
附加信息
This is expected behavior. The HTTP referrer option is causing the token to not be accepted by ArcGIS for Server when provided directly. This is working as designed. The ArcGIS Server REST API documents that setting as follows; HTTP Referer: When this (default) option is selected, the issued token can only be used in requests referred by the specified URL. This is the URL of the page from which the request is made to the ArcGIS resource. Use this approach when building an application with the ArcGIS API for JavaScript or other REST-based applications, in which individual clients requests maps and data directly from the ArcGIS for Server web service.解决办法
When using Request IP, the generated token used to open the secure map service works properly.重现步骤
漏洞 ID: BUG-000095330
软件:
- ArcGIS for Server
当漏洞状态发生变化时获得通知
发现关于本主题的更多内容
搜索相关信息
查找与此主题相关的培训
探索想法并提供反馈
获取来自 ArcGIS 专家的帮助
下载 Esri 支持应用程序