Cisco Bug: CSCuj23709 - enumerate 3rd party s/w version+WSDL w/ unauthenticated HTTPS session

Last Modified

Jun 07, 2016

Products (1)

  • Cisco Identity Services Engine

Known Affected Releases

1.2(0.899)

Description (partial)

Symptom:
1. Able to get the version of one third-party software component without authenticating.

Using https://ISE-hostname/admin/services/Version?method=getVersion

2. Able to retrieve WSDL for some services without authenticating.

https://ISE-hostname/admin/services/AdminDistributionService?wsdl

https://ISE-hostname/admin/services/AdminTypeLessEntityService?wsdl

https://ISE-hostname/admin/services/AdminMappingService?wsdl

Conditions:
Any web browser with HTTPS support and network access to the ISE Administration web application can issue these requests without any administrative privileges.
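
To see whether these requests are being answered in your own environment, the sketch below scans web access logs for the four URLs listed under Symptom. It is an added example, not Cisco code: the combined log format, the `ADMIN_NETS` management subnet, the function names and the sample lines are all assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# The paths come from the bug description. The log format, the management
# subnet and the sample lines are assumptions made for this example.
VERSION_PATH = "/admin/services/Version"
WSDL_PATHS = {
    "/admin/services/AdminDistributionService",
    "/admin/services/AdminTypeLessEntityService",
    "/admin/services/AdminMappingService",
}
ADMIN_NETS = [ipaddress.ip_network("10.10.0.0/24")]  # assumed admin subnet
# Combined log format: client ident user [time] "METHOD target PROTO" status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')

def classify(target):
    """Return 'version' or 'wsdl' if the request target matches the bug, else None."""
    parts = urlsplit(target)
    query = parse_qs(parts.query, keep_blank_values=True)
    if parts.path == VERSION_PATH and "getVersion" in query.get("method", []):
        return "version"
    if parts.path in WSDL_PATHS and any(k.lower() == "wsdl" for k in query):
        return "wsdl"
    return None

def find_exposures(lines):
    """List (client, kind) for matching requests answered 200 to non-admin clients."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(3) != "200":
            continue
        kind = classify(m.group(2))
        client = ipaddress.ip_address(m.group(1))  # assumes clients are logged as IPs
        if kind and not any(client in net for net in ADMIN_NETS):
            hits.append((m.group(1), kind))
    return hits

# Constructed sample log lines (documentation address ranges, invented sizes).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2016:10:00:01 +0000] "GET /admin/services/Version?method=getVersion HTTP/1.1" 200 312 "-" "-"',
    '203.0.113.7 - - [01/Jan/2016:10:00:02 +0000] "GET /admin/services/AdminMappingService?wsdl HTTP/1.1" 200 8841 "-" "-"',
    '10.10.0.5 - - [01/Jan/2016:10:00:03 +0000] "GET /admin/services/AdminDistributionService?wsdl HTTP/1.1" 200 9120 "-" "-"',
    '198.51.100.9 - - [01/Jan/2016:10:00:04 +0000] "GET /admin/services/AdminTypeLessEntityService?WSDL HTTP/1.1" 401 0 "-" "-"',
]

if __name__ == "__main__":
    print(find_exposures(SAMPLE_LOG))
```

A 200 response in the log does not by itself show that the request carried no session, so treat each hit as a pointer to check the ISE release and the network path to the admin interface.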