01-18-2018 01:16 PM
A recent security scan of ISE 1.4 came up with the finding below. I am trying to determine if a defect is open on this and/or if it has been released in a later release already. I can find defects for the same error on ASA and ESA, but nothing for ISE comes up in my searches.
X-XSS-Protection HTTP Header missing on port 443.
"CWE-693: Protection Mechanism Failure mentions the following - The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. A missing protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An insufficient protection mechanism might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended. Finally, an ignored mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path."
01-19-2018 05:57 PM
XSS has been addressed with patch 11 for ISE 1.4. Refer to 1.4 RN:
Release Notes for Cisco Identity Services Engine, Release 1.4 - Cisco