Field Notice: FN - 72066 - When AP.xsp.22.0.1123.ap367291 or AP.xsp.23.0.1075.ap367291 are Applied on XSP, XSI Web Error Responses in HTML Escaped - Software Upgrade Recommended

Available Languages

Updated:February 15, 2021

Document ID:FN72066

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Notice

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.

Revision History

Revision	Publish Date	Comments
1.0	08-Feb-21	Initial Release

Products Affected

Affected OS Type	Affected Software Product	Affected Release	Affected Release Number	Comments
NON-IOS	Application Patches	22.0	22.0.2020.01
NON-IOS	Application Patches	23.0	23.0.2020.01

Defect Information

Defect ID	Headline
CSCvw92855	There were no defects filed with this field notice at the time of publication.

Problem Description

When AP.xsp.22.0.1123.ap367291 or AP.xsp.23.0.1075.ap367291 is applied on the eXtended Service Platform (XSP), eXtended Services Interface (XSI) web error responses are HTML escaped.

Background

Note: This field notice was originally posted in the BroadSoft Xchange portal and has been moved over to Cisco.com as-is for historical purposes.

Problem Symptom

The original intent of AP367291 is to harden the validation of incoming XSI request and error responses to malicious requests by performing an HTML escape on the response content. Once the patch is applied, some error scenarios will result in a “bad request error” message being received instead of the error message that describes the issue.

Workaround/Solution

BroadWorks patches can now be downloaded through the Cisco Software Download Center after logging in with your Cisco.com (CCO) account.

The version of BroadWorks that is currently deployed as well as the patches currently activated can be checked by executing the get versions all command from the CLI. More information on how to check the patch level can be found in the Cisco BroadWorks Maintenance Guide.

Workaround

AP.xsp.22.0.1123.ap367291 or AP.xsp.23.0.1075.ap367291 can be removed from the impacted server.

Patch

AP.xsp.22.0.1123.ap373108 and AP.xsp.23.0.10175.ap373108 are now available on Xchange for this issue. Apply the applicable patch on the impacted servers.

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

My Notifications—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.

Was this Document Helpful?

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)