06-11-2019 08:43 AM
I have recently upgraded the firmware on a SG300-28 to 1.4.10.6
I am now getting a vulnerability scan result with the title: Web Server Generates CORS Headers Using User Supplied Values
This is being flagged on port 80 and port 443.
Does anyone have an idea on where I would start on dealing with this issue?
Thanks!
Ed Gallagher
Solved! Go to Solution.
06-13-2019 06:01 AM
Hi Ed,
This type of error was reported earlier for 350/550 series Switches, and it used to generate due to the introduction of SNA feature. However, for 300 series switches with the latest firmware 1.4.10.6 it was not reported earlier.
Please open a service request with us by contacting our frontline number; accordingly we can investigate further on this issue. Please follow the below mentioned link to contact us…
https://www.cisco.com/c/en/us/support/web/tsd-cisco-small-business-support-center-contacts.html
06-11-2019 09:29 AM
Hi there,
Personally I would just disable the HTTP(S) service on the switch and just administrate it vai SSH:
! no ip http server no ip http secure-server !
cheers,
Seb.
06-13-2019 06:01 AM
Hi Ed,
This type of error was reported earlier for 350/550 series Switches, and it used to generate due to the introduction of SNA feature. However, for 300 series switches with the latest firmware 1.4.10.6 it was not reported earlier.
Please open a service request with us by contacting our frontline number; accordingly we can investigate further on this issue. Please follow the below mentioned link to contact us…
https://www.cisco.com/c/en/us/support/web/tsd-cisco-small-business-support-center-contacts.html
06-13-2019 07:58 AM
Thank you!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: