ESRI ArcGIS for Server open Redirection Vulnerability (CVE-2014-5122)

ESRI ArcGIS for Server open Redirection Vulnerability (CVE-2014-5122)

Release date:
Updated on:

Affected Systems:
ESRI ArcGIS for Server 10.1.1
Description:
--------------------------------------------------------------------------------
Bugtraq id: 69341
CVE (CAN) ID: CVE-2014-5122
 
ArcGIS is a complete GIS platform product provided by Esri with over 40 years of consulting and R & D experience in geographic information system (GIS, powerful map production, space data management, space analysis, spatial information integration, publishing and sharing capabilities.
 
ESRI ArcGIS for Server 10.1.1 and other versions have the open Redirection Vulnerability. Attackers can exploit this vulnerability by constructing Uris and enticing users to browse and exploit the vulnerability to redirect victims to sites controlled by attackers.
 
<* Source: CAaNES
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
 
ESRI
----
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
 
Http://www.esrichina-bj.cn/softwareproduct/ArcGIS/
 
Reference: http://www.securityfocus.com/archive/1/archive/1/533189/100/0/threaded

========================================================== ==================

Install ArcGIS 10 on Linux:

Install ArcGIS 10_01 on Linux to install Linux Virtual Machine and yum source configuration

Install ArcGIS 10_02 on Linux and Oracle11gR2

Install ArcGIS 10_03 on Linux to install ArcSDE 10

Install ArcGIS 10_04 on Linux to install ArcGIS Server 10

Install ArcGIS 10.1 _ 01 on Linux to install ArcGIS Server 10.1

========================================================== ==================

This article permanently updates the link address: