漏洞
Expired tokens still work on tile requests for a secured cached map service for about 10 minutes of its generation.
| 漏洞 ID 编号 | BUG-000125341 |
|---|---|
| 已提交 | September 18, 2019 |
| 上次修改时间 | June 5, 2024 |
| 适用范围 | ArcGIS GIS Server |
| 找到的版本 | 10.7.1 |
| 操作系统 | Windows OS |
| 操作系统版本 | 2012 R2 |
| 状态 | Will Not Be Addressed |
附加信息
This is the expected behavior. The token is expiring correctly after the specified time-out value. The reason it is still usable for up to 10 minutes is that ArcGIS Server caches tokens specifically for cached map service tile requests to improve performance. Accessing a cached map service does not consist of one request but a series of requests to retrieve the individual tiles that make up the cached map service. For a secured cached map service, each tile request must include the token. There would be a noticeable performance impact if ArcGIS Server validated the token for every tile request needed to view a cached map service. For this reason, the token is cached for 10 minutes. If the token happens to be cached just before it expires, it will continue to be used when accessing the cached map service tiles during that 10-minute window.重现步骤
漏洞 ID: BUG-000125341
软件:
- ArcGIS GIS Server
当漏洞状态发生变化时获得通知
发现关于本主题的更多内容
搜索相关信息
查找与此主题相关的培训
探索想法并提供反馈
获取来自 ArcGIS 专家的帮助
下载 Esri 支持应用程序