01-18-2018 01:16 PM
A recent security scan of ISE 1.4 came up with the finding below. I am trying to determine if a defect is open on this and/or if it has been released in a later release already. I can find defects for the same error on ASA and ESA, but nothing for ISE comes up in my searches.
X-XSS-Protection HTTP Header missing on port 443.
"CWE-693: Protection Mechanism Failure mentions the following - The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. A missing protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An insufficient protection mechanism might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended. Finally, an ignored mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path."
01-19-2018 05:57 PM
XSS has been addressed with patch 11 for ISE 1.4. Refer to 1.4 RN:
Release Notes for Cisco Identity Services Engine, Release 1.4 - Cisco