Guest

Preview Tool

Cisco Bug: CSCum08904 - JSPX files uploaded into ISE root should be blocked from direct access

Last Modified

Nov 05, 2016

Products (1)

  • Cisco Identity Services Engine

Known Affected Releases

1.2(0.905)

Description (partial)

Symptom:
Jspx files that are in Admin,MyDevices, and Blackhole can be accessed directly using the path as they are not being blocked in Web.xml

Conditions:
Login to root
Upload any jspx file into admin/mydevices/backhole webapp 
Try to access the same , say http://PAP/admin/filename.jspx
CSCui67511 addresses the same issue for Guest and Sponsor Portals, the same need to be addressed in Admin, Mydevices,  and Blackhole Portal
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.