Gemini Community Support Site

This Gemini community support site can be used to find solutions to product issues. You can log in using Open Id, Google Profile and even Facebook. Feel free to ask a question or browse FAQs and documentation. Product tour videos are also available along with how-to videos demonstrating key Gemini capabilities.




Error "This page has been blocked because it attemps to exploit an application level vulnerability"

usage

Hello, Using Gemini v4.0.0, we get the error below: "Part of this page has been block due tu the following reason: this page (or part of it) has been blocked because it attempts to exploit an application level vulnerability. Transaction ID is 4DC93C0369FE270B47C6".

It occurs each time we want to create or edit issue (http://bugtrack.traceparts.com/Issue/Issue.aspx) or comment (http://bugtrack.traceparts.com/Issue/Comment.aspx). On these pages, it seems we can use any controls but WYSIWYG editor. It happens both on IE6 or Firefox 3.6.16. Transaction ID is always the same.

We just updgraded from Gemini v2 and the error occurs since then. Could you please help us to fix this issue?

Best regards

Yann
Yann
· 1 		Yann
Saturday, May 14, 2011, 7:22:51 AM
Replies (16)
helpful
0
not helpful

Please make sure that Gemini is running under .net 2.0 application pool.
Mark Wing
· 9108 		Mark Wing
Saturday, May 14, 2011, 12:44:35 PM
helpful
0
not helpful

It does. Note: This is the web browser that returns this error, not the server.
Yann
· 1 		Yann
Saturday, May 14, 2011, 11:02:34 PM
helpful
0
not helpful

Can you please try it on our site: http://gemini.countersoft.com ? You'll need to register (top right) and log in.
Saar Cohen
· 5000 		Saar Cohen
Saturday, May 14, 2011, 11:34:16 PM
helpful
0
not helpful

We switch from "Rich text editor" to "Tiny MCE editor". It seems the error does not appear anymore.

Unfortunately, unlike in http://gemini.countersoft.com, we do not have any toolbars anymore so we can just enter text and can not change its size, color, etc.. or add picture in the issue/commentary text.
Yann
· 1 		Yann
Monday, May 16, 2011, 9:52:39 AM
helpful
0
not helpful

Is it possible to attach some screenshots to the original question (the error and the tinyMCE)?
Mark Wing
· 9108 		Mark Wing
Monday, May 16, 2011, 9:57:35 AM
helpful
0
not helpful

Also, please check your full Gemini url setting (Administration -> General), is it correct? Also, is enforce url on the same page set to yes? If so then set it to no.
Mark Wing
· 9108 		Mark Wing
Monday, May 16, 2011, 10:36:43 AM
helpful
0
not helpful

Here they are: http://img263.imageshack.us/i/geminiv4error.png/ http://img813.imageshack.us/i/geminiv4nowysiwyg.png/
Yann
· 1 		Yann
Monday, May 16, 2011, 1:33:32 PM
helpful
0
not helpful

Full Gemini url setting is correct. Enforce url on the same page is already to "no".
Yann
· 1 		Yann
Monday, May 16, 2011, 2:13:30 PM
helpful
0
not helpful

It seeme like your firewall / anti-virus is blocking our scripts (see: http://www.telerik.com/community/forums/aspnet-ajax/general-discussions/security-vunerability-blocked-by-proxy.aspx)
Mark Wing
· 9108 		Mark Wing
Monday, May 16, 2011, 2:49:32 PM
helpful
0
not helpful

I am sorry, I forgot to tell that the first problem was encountered with one of our partner trying to use Gemini installed on our server, and the second problem exists on our server since we have switched to TinyMCE (as a workaround because we have no way to change the settings of our partner firewall). Would you prefer I close this thread and create a new one?
Yann
· 1 		Yann
Monday, May 16, 2011, 3:33:32 PM
helpful
0
not helpful

We believe that the 2 issues are related. Do you get any javascript errors when on the page?
Mark Wing
· 9108 		Mark Wing
Monday, May 16, 2011, 4:02:31 PM
helpful
0
not helpful

No we don't. summary: Gemini v4 is installed on our server. With Rich text editor: - We can create and edit issues and comments - Our partner can not (get the vulnerability error)

With TinyMCE - we do not have any toolbars, but we can create and edit issues and comments - Our partner do not have any toolbars as well, but can create and edit issues and comments

If we consider only our side and not our partner side because we had no problem until we switched the editor, how can our partner firewall / antivirus be the problem? (if it was part of it, we would have no problem our side, no?)
Yann
· 1 		Yann
Monday, May 16, 2011, 5:25:52 PM
helpful
0
not helpful

Got you. Is it possible for us to access the system? If so please send details to suppor at countersoft dot com
Saar Cohen
· 5000 		Saar Cohen
Monday, May 16, 2011, 6:17:29 PM
helpful
0
not helpful

Sorry for this late answer. What kind of access do you need? will an administrator account be ok?
Yann
· 1 		Yann
Tuesday, May 24, 2011, 11:08:03 AM
helpful
0
not helpful

Yes, admin will be fine.


Mark Wing
· 9108 		Mark Wing
Tuesday, May 24, 2011, 12:00:54 PM
helpful
0
not helpful
ANSWER

TinyMCE issue solved. The appilication pool should be .net 2.0 integrated mode.
Saar Cohen
· 5000 		Saar Cohen
Monday, May 30, 2011, 3:51:12 PM