CVE-2015-0757 Information

Description

The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers which allows remote attackers to obtain sensitive information by reading web pages as demonstrated by MnT reports aka Bug ID CSCuq23140.

Reference

http://tools.cisco.com/security/center/viewAlert.x?alertId=39042 http://www.securityfocus.com/bid/74864 http://www.securitytracker.com/id/1032420