Share via


Searching in AVIcode SE Viewer fails with "The URL encoded form data are not valid" error

hotfixHere’s a new Knowledge Base article we published today. This one talks about an issue introduced with MS11-100 that causes searches in AVIcode to fail:

=====

Symptoms

When using AVIcode SE Viewer to search for specific criteria, the following error message may be generated:

: Operation is not valid due to the current state of the object. (translation: the operation is not valid Because of the state of the object)
Source: System.Web
Target Site: Void ThrowIfMaxHttpCollectionKeysExceeded ()

Stack Trace: at System.Web.HttpValueCollection.ThrowIfMaxHttpCollectionKeysExceeded ()
to System.Web.HttpValueCollection.FillFromEncodedBytes (Byte [] bytes, Encoding encoding)
System.Web.HttpRequest.FillInFormCollection to ()

Message: The URL encoded form data are not valid.
Source: System.Web
Target Site: Void FillInFormCollection ()

Stack Trace: at System.Web.HttpRequest.FillInFormCollection ()
System.Web.HttpRequest.get_Form to ()
System.Web.HttpRequest.get_HasForm to ()
to System.Web.UI.Page.GetCollectionBasedOnMethod (Boolean dontReturnNull)
System.Web.UI.Page.DeterminePostBackMode to ()
at System.Web.UI.Page.ProcessRequestMain (Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

Message: Exception of type 'System.Web.HttpUnhandledException' was thrown.
Source: System.Web
Target Site: Boolean HandleError (System.Exception)

Stack Trace: at System.Web.UI.Page.HandleError (Exception e)
at System.Web.UI.Page.ProcessRequestMain (Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest (Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest ()
at System.Web.UI.Page.ProcessRequest (HttpContext context)
to ASP.pages_search_allevents_aspx.ProcessRequest (HttpContext context)
to
at System.Web.HttpApplication.ExecuteStep (IExecutionStep step, Boolean & completedSynchronously)

Cause

This issue was introduced by Microsoft Security Bulleting MS11-100 (https://support.microsoft.com/kb/2656351 or https://technet.microsoft.com/en-us/security/bulletin/ms11-100). This hotfix affects any applications that rely on .Net Framework 4 and that handle large amounts of forms data. The hotfix adds the following key to the web.config file which has a default value of 1000:

<configuration xmlns=”https://schemas.microsoft.com/.NetConfiguration/v2.0″>
<appSettings>
<add key=”aspnet:MaxHttpCollectionKeys” value=”1000” />
</appSettings>
</configuration>

Resolution

To resolve this issue, modify the web.config file located in <drive>:\Program Files (x86)\AVIcode\Intercept\SEViewer\Web and change the value of MaxHttpCollectionKeys to a higher value. For example, change this:

<appSettings>
<add key="configPath" value="..\SEViewer.config" />
<add key="aspnet:MaxHttpCollectionKeys" value= "1000" />
<!--add key="WorkItemTrackingCacheRoot" value="C:\Program Files\Avicode\Intercept\SEViewer\Database\"/-->
</appSettings>

to this:

<appSettings>
<add key="configPath" value="..\SEViewer.config" />
<add key="aspnet:MaxHttpCollectionKeys" value="5000" />
<!--add key="WorkItemTrackingCacheRoot" value="C:\Program Files\Avicode\Intercept\SEViewer\Database\"/-->
</appSettings>

More Information

Note that increasing the MaxHttpCollectionKeys value above the default setting of 1000 increases the susceptibility of your server to the Denial of Service vulnerability that is discussed in security bulletin MS11-100. Please be sure you understand the issue as documented in Knowledge Base article 2661403 (https://support.microsoft.com/kb/2661403) and the possible ramifications for your particular environment before making the modifications discussed above.

=====

For the most current version of this article please see the following:

2667985 : Searching in AVIcode SE Viewer fails with "The URL encoded form data are not valid" error

J.C. Hornbeck | System Center & Security Knowledge Engineer

Get the latest System Center news on Facebook and Twitter :

clip_image001 clip_image002

App-V Team blog: https://blogs.technet.com/appv/
AVIcode Team blog: https://blogs.technet.com/b/avicode
ConfigMgr Support Team blog: https://blogs.technet.com/configurationmgr/
DPM Team blog: https://blogs.technet.com/dpm/
MED-V Team blog: https://blogs.technet.com/medv/
OOB Support Team blog: https://blogs.technet.com/oob/
Opalis Team blog: https://blogs.technet.com/opalis
Orchestrator Support Team blog: https://blogs.technet.com/b/orchestrator/
OpsMgr Support Team blog: https://blogs.technet.com/operationsmgr/
SCMDM Support Team blog: https://blogs.technet.com/mdm/
SCVMM Team blog: https://blogs.technet.com/scvmm
Server App-V Team blog: https://blogs.technet.com/b/serverappv
Service Manager Team blog: https://blogs.technet.com/b/servicemanager
System Center Essentials Team blog: https://blogs.technet.com/b/systemcenteressentials
WSUS Support Team blog: https://blogs.technet.com/sus/

The Forefront Server Protection blog: https://blogs.technet.com/b/fss/
The Forefront Identity Manager blog : https://blogs.msdn.com/b/ms-identity-support/
The Forefront TMG blog: https://blogs.technet.com/b/isablog/
The Forefront UAG blog: https://blogs.technet.com/b/edgeaccessblog/