Searching in AVIcode SE Viewer fails with "The URL encoded form data are not valid" error

Here’s a new Knowledge Base article we published today. This one talks about an issue introduced with MS11-100 that causes searches in AVIcode to fail:

=====

Symptoms

When using AVIcode SE Viewer to search for specific criteria, the following error message may be generated:

Message: Operation is not valid due to the current state of the object.
Source: System.Web
Target Site: Void ThrowIfMaxHttpCollectionKeysExceeded ()

Stack Trace: at System.Web.HttpValueCollection.ThrowIfMaxHttpCollectionKeysExceeded ()
at System.Web.HttpValueCollection.FillFromEncodedBytes (Byte [] bytes, Encoding encoding)
at System.Web.HttpRequest.FillInFormCollection ()

Message: The URL encoded form data are not valid.
Source: System.Web
Target Site: Void FillInFormCollection ()

Stack Trace: at System.Web.HttpRequest.FillInFormCollection ()
at System.Web.HttpRequest.get_Form ()
at System.Web.HttpRequest.get_HasForm ()
at System.Web.UI.Page.GetCollectionBasedOnMethod (Boolean dontReturnNull)
at System.Web.UI.Page.DeterminePostBackMode ()
at System.Web.UI.Page.ProcessRequestMain (Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

Message: Exception of type 'System.Web.HttpUnhandledException' was thrown.
Source: System.Web
Target Site: Boolean HandleError (System.Exception)

Stack Trace: at System.Web.UI.Page.HandleError (Exception e)
at System.Web.UI.Page.ProcessRequestMain (Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest (Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest ()
at System.Web.UI.Page.ProcessRequest (HttpContext context)
at ASP.pages_search_allevents_aspx.ProcessRequest (HttpContext context)
at
at System.Web.HttpApplication.ExecuteStep (IExecutionStep step, Boolean & completedSynchronously)

Cause

This issue was introduced by Microsoft Security Bulletin MS11-100 (https://support.microsoft.com/kb/2656351 or https://technet.microsoft.com/en-us/security/bulletin/ms11-100). This hotfix affects any application that relies on .NET Framework 4 and handles large amounts of form data. The hotfix adds the following key to the web.config file, with a default value of 1000:

<configuration xmlns="https://schemas.microsoft.com/.NetConfiguration/v2.0">
<appSettings>
<add key="aspnet:MaxHttpCollectionKeys" value="1000" />
</appSettings>
</configuration>

Resolution

To resolve this issue, modify the web.config file located in <drive>:\Program Files (x86)\AVIcode\Intercept\SEViewer\Web and change the value of MaxHttpCollectionKeys to a higher value. For example, change this:

<appSettings>
<add key="configPath" value="..\SEViewer.config" />
<add key="aspnet:MaxHttpCollectionKeys" value="1000" />
<!--add key="WorkItemTrackingCacheRoot" value="C:\Program Files\Avicode\Intercept\SEViewer\Database\"/-->
</appSettings>

to this:

<appSettings>
<add key="configPath" value="..\SEViewer.config" />
<add key="aspnet:MaxHttpCollectionKeys" value="5000" />
<!--add key="WorkItemTrackingCacheRoot" value="C:\Program Files\Avicode\Intercept\SEViewer\Database\"/-->
</appSettings>

More Information

Note that increasing the MaxHttpCollectionKeys value above the default setting of 1000 increases the susceptibility of your server to the Denial of Service vulnerability that is discussed in security bulletin MS11-100. Please be sure you understand the issue as documented in Knowledge Base article 2661403 (https://support.microsoft.com/kb/2661403) and the possible ramifications for your particular environment before making the modifications discussed above.
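Because every increase widens the exposure described above, it helps to size the new limit from the request that actually fails rather than picking a large round number. The following is an added example, not part of the Knowledge Base article or of AVIcode: it reads the configured limit from a web.config fragment, counts the distinct form keys in a captured URL-encoded POST body, and suggests the smallest round limit that fits. The sample body, the field names, the 20% headroom policy and the assumption that a request fails once its key count exceeds the limit are all constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl, urlencode

SETTING = "aspnet:MaxHttpCollectionKeys"
DEFAULT_LIMIT = 1000  # default stated in the article

def local(tag):
    """Strip an XML namespace such as the xmlns on <configuration>."""
    return tag.rsplit("}", 1)[-1]

def configured_limit(web_config_xml):
    """Return the limit set under <appSettings>, or the default if absent."""
    root = ET.fromstring(web_config_xml)
    for section in root.iter():
        if local(section.tag) != "appSettings":
            continue
        for add in section:
            if local(add.tag) == "add" and add.get("key") == SETTING:
                return int(add.get("value").strip())
    return DEFAULT_LIMIT

def count_form_keys(body):
    """Count distinct field names in a URL-encoded POST body."""
    return len({name for name, _ in parse_qsl(body, keep_blank_values=True)})

def assess(web_config_xml, body):
    """Compare a captured request against the configured key limit."""
    limit = configured_limit(web_config_xml)
    keys = count_form_keys(body)
    # Assumption: the request fails once the key count exceeds the limit.
    too_many = keys > limit
    # Smallest multiple of 100 with 20% headroom (a policy chosen for this example).
    needed = keys + keys // 5
    suggested = -(-needed // 100) * 100 if too_many else limit
    return {"limit": limit, "keys": keys, "fails": too_many, "suggested": suggested}

# The article's appSettings block before the change (commented-out entry omitted).
WEB_CONFIG = r'''<appSettings>
<add key="configPath" value="..\SEViewer.config" />
<add key="aspnet:MaxHttpCollectionKeys" value="1000" />
</appSettings>'''

# Constructed sample: a search postback carrying 1800 checkbox fields.
SAMPLE_BODY = urlencode([(f"ctl00$events$row{i}$selected", "on") for i in range(1800)])

if __name__ == "__main__":
    print(assess(WEB_CONFIG, SAMPLE_BODY))
```

Run it against a body captured from the failing search in your own environment; the suggested value is only as representative as that capture.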

=====

For the most current version of this article please see the following:

2667985 : Searching in AVIcode SE Viewer fails with "The URL encoded form data are not valid" error

J.C. Hornbeck | System Center & Security Knowledge Engineer
