06-11-2019 08:43 AM
I have recently upgraded the firmware on a SG300-28 to 1.4.10.6
I am now getting a vulnerability scan result with the title: Web Server Generates CORS Headers Using User Supplied Values
This is being flagged on port 80 and port 443.
Does anyone have an idea on where I would start on dealing with this issue?
Thanks!
Ed Gallagher
Solved! Go to Solution.
06-13-2019 06:01 AM
Hi Ed,
This type of error was reported earlier for 350/550 series Switches, and it used to generate due to the introduction of SNA feature. However, for 300 series switches with the latest firmware 1.4.10.6 it was not reported earlier.
Please open a service request with us by contacting our frontline number; accordingly we can investigate further on this issue. Please follow the below mentioned link to contact us…
https://www.cisco.com/c/en/us/support/web/tsd-cisco-small-business-support-center-contacts.html
06-11-2019 09:29 AM
Hi there,
Personally I would just disable the HTTP(S) service on the switch and just administrate it vai SSH:
! no ip http server no ip http secure-server !
cheers,
Seb.
06-13-2019 06:01 AM
Hi Ed,
This type of error was reported earlier for 350/550 series Switches, and it used to generate due to the introduction of SNA feature. However, for 300 series switches with the latest firmware 1.4.10.6 it was not reported earlier.
Please open a service request with us by contacting our frontline number; accordingly we can investigate further on this issue. Please follow the below mentioned link to contact us…
https://www.cisco.com/c/en/us/support/web/tsd-cisco-small-business-support-center-contacts.html
06-13-2019 07:58 AM
Thank you!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide