漏洞
In ArcGIS Pro 2.6.3, a query is prompted in Portal for ArcGIS on the group information via a POST request (token appended) with no content in the body. This triggers the F5 Silverline Web Application Firewall (WAF) (possibly others) to block the traffic as it detects a potential HTTP request smuggling operation. It also occurs when performing search operations against the Portal for ArcGIS. ArcGIS Pro should perform a GET request to retrieve these items.
| 漏洞 ID 编号 | BUG-000135580 |
|---|---|
| 已提交 | November 19, 2020 |
| 上次修改时间 | December 12, 2024 |
| 适用范围 | ArcGIS Pro |
| 找到的版本 | 2.6.3 |
| 操作系统 | Windows OS |
| 操作系统版本 | 10.0 64 Bit |
| 状态 | Non-Reproducible |
附加信息
Please upgrade to the latest version of ArcGIS Pro.解决办法
Explicitly allow the blocked traffic in the Web Application Firewall (WAF).
重现步骤
漏洞 ID: BUG-000135580
软件:
- ArcGIS Pro
当漏洞状态发生变化时获得通知
发现关于本主题的更多内容
搜索相关信息
查找与此主题相关的培训
探索想法并提供反馈
获取来自 ArcGIS 专家的帮助
下载 Esri 支持应用程序