Guest

Preview Tool

Cisco Bug: CSCup33720 - Evaluation Missing Cross Frame Scripting (XFS) Protection on the ESA

Last Modified

Dec 24, 2019

Products (1)

  • Cisco Email Security Appliance

Known Affected Releases

8.0.1-023

Description (partial)

Symptoms: 
This defect is for having Cisco Email Security Appliance implement protection against Cross Frame Scripting (XFS) attacks via the usage of the
''X-Frame-Options'' HTTP header  set to value ''SAMEORIGIN''.
Conditions: 
Commonly the attacks to be performed require the user to access a web page under the control of the attacker.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.