Error "This page has been blocked because it attemps to exploit an application level vulnerability"
Hello, Using Gemini v4.0.0, we get the error below: "Part of this page has been block due tu the following reason: this page (or part of it) has been blocked because it attempts to exploit an application level vulnerability. Transaction ID is 4DC93C0369FE270B47C6".
It occurs each time we want to create or edit issue (http://bugtrack.traceparts.com/Issue/Issue.aspx) or comment (http://bugtrack.traceparts.com/Issue/Comment.aspx). On these pages, it seems we can use any controls but WYSIWYG editor. It happens both on IE6 or Firefox 3.6.16. Transaction ID is always the same.
We just updgraded from Gemini v2 and the error occurs since then. Could you please help us to fix this issue?
Best regards
Yann
Yann
· 1 |
|
Saturday, May 14, 2011, 7:22:51 AM |
0
|
Please make sure that Gemini is running under .net 2.0 application pool. |
||||
|
0
|
It does. Note: This is the web browser that returns this error, not the server. |
||||
|
0
|
Can you please try it on our site: http://gemini.countersoft.com ? You'll need to register (top right) and log in. |
||||
|
0
|
We switch from "Rich text editor" to "Tiny MCE editor". It seems the error does not appear anymore. Unfortunately, unlike in http://gemini.countersoft.com, we do not have any toolbars anymore so we can just enter text and can not change its size, color, etc.. or add picture in the issue/commentary text. |
||||
|
0
|
Is it possible to attach some screenshots to the original question (the error and the tinyMCE)? |
||||
|
0
|
Also, please check your full Gemini url setting (Administration -> General), is it correct? Also, is enforce url on the same page set to yes? If so then set it to no. |
||||
|
0
|
Here they are: http://img263.imageshack.us/i/geminiv4error.png/ http://img813.imageshack.us/i/geminiv4nowysiwyg.png/ |
||||
|
0
|
Full Gemini url setting is correct. Enforce url on the same page is already to "no". |
||||
|
0
|
It seeme like your firewall / anti-virus is blocking our scripts (see: http://www.telerik.com/community/forums/aspnet-ajax/general-discussions/security-vunerability-blocked-by-proxy.aspx) |
||||
|
0
|
I am sorry, I forgot to tell that the first problem was encountered with one of our partner trying to use Gemini installed on our server, and the second problem exists on our server since we have switched to TinyMCE (as a workaround because we have no way to change the settings of our partner firewall). Would you prefer I close this thread and create a new one? |
||||
|
0
|
We believe that the 2 issues are related. Do you get any javascript errors when on the page? |
||||
|
0
|
No we don't. summary: Gemini v4 is installed on our server. With Rich text editor: - We can create and edit issues and comments - Our partner can not (get the vulnerability error) With TinyMCE - we do not have any toolbars, but we can create and edit issues and comments - Our partner do not have any toolbars as well, but can create and edit issues and comments If we consider only our side and not our partner side because we had no problem until we switched the editor, how can our partner firewall / antivirus be the problem? (if it was part of it, we would have no problem our side, no?) |
||||
|
0
|
Got you. Is it possible for us to access the system? If so please send details to suppor at countersoft dot com |
||||
|
0
|
Sorry for this late answer. What kind of access do you need? will an administrator account be ok? |
||||
|
0
|
Yes, admin will be fine. |
||||
|
0
|
ANSWER
TinyMCE issue solved. The appilication pool should be .net 2.0 integrated mode. |
||||
|