cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
500
Views
0
Helpful
1
Replies

ISE Security Finding - Existing Defect?

joonder
Cisco Employee
Cisco Employee

A recent security scan of ISE 1.4 came up with the finding below.  I am trying to determine if a defect is open on this and/or if it has been released in a later release already.  I can find defects for the same error on ASA and ESA, but nothing for ISE comes up in my searches.

X-XSS-Protection HTTP Header missing on port 443.

  "CWE-693: Protection Mechanism Failure mentions the following - The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. A missing protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An insufficient protection mechanism might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended. Finally, an ignored mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path."

1 ACCEPTED SOLUTION

Accepted Solutions

howon
Cisco Employee
Cisco Employee

XSS has been addressed with patch 11 for ISE 1.4. Refer to 1.4 RN:

Release Notes for Cisco Identity Services Engine, Release 1.4 - Cisco

View solution in original post

1 REPLY 1

howon
Cisco Employee
Cisco Employee

XSS has been addressed with patch 11 for ISE 1.4. Refer to 1.4 RN:

Release Notes for Cisco Identity Services Engine, Release 1.4 - Cisco

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: