This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC!
We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
A recent security scan of ISE 1.4 came up with the finding below. I am trying to determine if a defect is open on this and/or if it has been released in a later release already. I can find defects for the same error on ASA and ESA, but nothing for ISE comes up in my searches.
X-XSS-Protection HTTP Header missing on port 443.
"CWE-693: Protection Mechanism Failure mentions the following - The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. A missing protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An insufficient protection mechanism might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended. Finally, an ignored mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path."
Solved! Go to Solution.
XSS has been addressed with patch 11 for ISE 1.4. Refer to 1.4 RN:
Release Notes for Cisco Identity Services Engine, Release 1.4 - Cisco
XSS has been addressed with patch 11 for ISE 1.4. Refer to 1.4 RN:
Release Notes for Cisco Identity Services Engine, Release 1.4 - Cisco