Cisco Employee

ISE Security Finding - Existing Defect?

A recent security scan of ISE 1.4 came up with the finding below.  I am trying to determine if a defect is open on this and/or if it has been released in a later release already.  I can find defects for the same error on ASA and ESA, but nothing for ISE comes up in my searches.

X-XSS-Protection HTTP Header missing on port 443.

  "CWE-693: Protection Mechanism Failure mentions the following - The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. A missing protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An insufficient protection mechanism might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended. Finally, an ignored mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path."

Accepted Solutions
Cisco Employee

Re: ISE Security Finding - Existing Defect?

XSS has been addressed with patch 11 for ISE 1.4. Refer to 1.4 RN:

Release Notes for Cisco Identity Services Engine, Release 1.4 - Cisco
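
The scan finding in the question can be re-checked offline against a saved response from port 443, before and after patching. The sketch below is an added example, not part of the original thread and not Cisco code; the function names, the state labels and both sample responses are assumptions constructed for illustration.

```python
"""Classify the X-XSS-Protection state of a captured HTTP response (added example)."""
from email.parser import Parser


def _classify(value: str) -> str:
    # Header grammar: "0", "1", "1; mode=block", "1; report=<uri>"
    parts = [p.strip().lower() for p in value.split(";")]
    if parts[0] == "0":
        return "disabled"
    if parts[0] == "1":
        return "block" if "mode=block" in parts[1:] else "filter"
    return "invalid"


def xss_protection_state(raw_response: str) -> str:
    """Return missing, disabled, filter, block, invalid or conflicting."""
    # Keep only the header section: everything before the first blank line.
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    # Drop the status line ("HTTP/1.1 200 OK"); the rest are header fields.
    _status, _, header_block = head.partition("\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    values = headers.get_all("X-XSS-Protection")  # lookup is case-insensitive
    if not values:
        return "missing"  # the condition the scanner reported
    states = {_classify(v) for v in values}
    # A header sent twice with different values is itself worth flagging.
    return states.pop() if len(states) == 1 else "conflicting"


# Constructed sample responses (not captured from an ISE node).
SAMPLE_WITHOUT_HEADER = (
    "HTTP/1.1 200 OK\r\n"
    "Server: constructed-sample\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html></html>"
)
SAMPLE_WITH_HEADER = (
    "HTTP/1.1 200 OK\r\n"
    "Server: constructed-sample\r\n"
    "x-xss-protection: 1; mode=block\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for name, raw in [("without header", SAMPLE_WITHOUT_HEADER),
                      ("with header", SAMPLE_WITH_HEADER)]:
        print(f"{name}: {xss_protection_state(raw)}")
```
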
