Cisco Community
English
Register
We're here for you! LEARN about free offerings and business continuity best practices during the COVID-19 pandemic
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

266
Views
0
Helpful
1
Replies
Highlighted
joonder
Cisco Employee
Cisco Employee
‎01-18-2018 01:16 PM
‎01-18-2018 01:16 PM

ISE Security Finding - Existing Defect?

A recent security scan of ISE 1.4 came up with the finding below.  I am trying to determine if a defect is open on this and/or if it has been released in a later release already.  I can find defects for the same error on ASA and ESA, but nothing for ISE comes up in my searches.

X-XSS-Protection HTTP Header missing on port 443.

  "CWE-693: Protection Mechanism Failure mentions the following - The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. A missing protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An insufficient protection mechanism might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended. Finally, an ignored mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path."

0 Helpful
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
howon
Cisco Employee
Cisco Employee
‎01-19-2018 05:57 PM
‎01-19-2018 05:57 PM

Re: ISE Security Finding - Existing Defect?

XSS has been addressed with patch 11 for ISE 1.4. Refer to 1.4 RN:

Release Notes for Cisco Identity Services Engine, Release 1.4 - Cisco

View solution in original post

0 Helpful
Reply
1 REPLY 1
Highlighted
howon
Cisco Employee
Cisco Employee
‎01-19-2018 05:57 PM
‎01-19-2018 05:57 PM

Re: ISE Security Finding - Existing Defect?

XSS has been addressed with patch 11 for ISE 1.4. Refer to 1.4 RN:

Release Notes for Cisco Identity Services Engine, Release 1.4 - Cisco

View solution in original post

0 Helpful
Reply
Latest Contents
Cisco ISE pxGrid App for QRadar v1.1.0 Update
Created by Jason Kunst on 06-05-2020 07:17 AM
0
0
0
0
As of June 2020, the Cisco ISE pxGrid App for QRadar Ver 1.1.0 is officially Validated and released by IBM, available for download from IBM XFE. Access the link to download app here.   Overview The Cisco ISE pxGrid App V1.1 supports Cisco Identity Se... view more
issue with route map to firewall for further inspection
Created by robinandjiang on 06-04-2020 02:51 PM
0
0
0
0
i have an ip that is part of our internal network, i configured route map on the core to redirect the traffic to the firewall for further inspection.i checked the firewall logs i can see the traffic is redirect to the firewall successfully. i could ping o... view more
what it means when context visibility Status showing 'discon...
Created by getaway51 on 06-03-2020 11:57 PM
0
0
0
0
Hi, 1)May I know wht it means when context visibility Status showing 'disconnected" and '(blank)'?Difference between 'disconnected" and '(blank)'. Since both devices also not connected.I found tht these devices are no longer connected to the swi... view more
Multiple WAN ip On outside Interface
Created by MrBeginner on 06-03-2020 10:27 PM
0
0
0
0
Hi ,I would like to configure multiple public ip (same subnet) on outside interface of ASA.I want to use static NAT for specific purpose.For example i have 8 public IP and I want to use 1 is internet ,1 for VPN  ,1 for DMZ server and all ip want to a... view more
How to retrieve the IPS Policies from Firepower Management C...
Created by Tang-Suan Tan on 06-03-2020 05:55 PM
2
0
2
0
Hi all, Is it a way to retrieve the IPS policies from our IPS Appliance or censor? I have tried to look for a way but I am not able to do so. May I knwo any way can retrieve the policies from the Appliance either from the Appliance itself o... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad
Cisco Community April 2020 Spotlight Award Winners

Follow our Social Media Channels