Cisco Cisco Firepower Management Center 2000
22
FireSIGHT System Release Notes
Resolved Issues
Resolved an issue where, if you created an access control policy referencing an SSL policy containing a network
object with multiple entries on a managed Firepower appliance running Version 5.4 or later and you updated the
system to Version 6.0, policy apply failed. (CSCux31618)
object with multiple entries on a managed Firepower appliance running Version 5.4 or later and you updated the
system to Version 6.0, policy apply failed. (CSCux31618)
Resolved a rare issue where the system did not properly process HTTP POST data with incorrect headers.
(CSCux40517)
(CSCux40517)
Resolved an issue where, in some cases, the system database integrity check failed and you could not upgrade the
system to Version 6.0. (CSCux52218)
system to Version 6.0. (CSCux52218)
Resolved an issue where, if you edited and deployed an intrusion policy that was created in Version 5.4 or earlier,
intrusion layers may have become corrupted. (CSCux57697)
intrusion layers may have become corrupted. (CSCux57697)
Resolved an issue where, if you deployed an intrusion policy and enabled Sensitive Data Detection, the system did
not consistently mask content in traffic containing sensitive data. (CSCux61562)
not consistently mask content in traffic containing sensitive data. (CSCux61562)
Improved packet reassembly for HTTP traffic containing chunked encoding. (CSCux61630)
Improved HTTP inspection of gzip compressed data when there is no Content-Length header present in the HTTP
Response. (CSCux76518)
Response. (CSCux76518)
Resolved an issue where, graphs generated from the Intrusion Event Performance page (Overview > Summary >
Intrusion Event Performance) no data. (CSCux91742)
Intrusion Event Performance) no data. (CSCux91742)
Resolved an issue where, if you deployed an access control policy containing an SSL rule, the system eventually
dropped the majority of incoming traffic and caused a network outage. (CSCux95913)
dropped the majority of incoming traffic and caused a network outage. (CSCux95913)
Resolved an issue where, if you applied an intrusion rule set to Drop and Generate Events and enabled Sensitive
Data Detection in the Advanced Settings tab of the intrusion Edit Policy page (Policies > Intrusion > Intrusion
Policy), then edited the Sensitive Data Detection page and checked Masks, the system did not correctly mask some
sensitive data generated in intrusion events. (CSCuy43629)
Data Detection in the Advanced Settings tab of the intrusion Edit Policy page (Policies > Intrusion > Intrusion
Policy), then edited the Sensitive Data Detection page and checked Masks, the system did not correctly mask some
sensitive data generated in intrusion events. (CSCuy43629)
Resolved an issue where, if you applied policies after importing the 2016-02-28-001 rule update, the system did
not correctly apply policies. (CSCuy56212)
not correctly apply policies. (CSCuy56212)
Issues Resolved in Previous Versions
Previously resolved issues are listed by version.
Issues Resolved in Version 5.4.0.6 and Version 5.4.1.5:
Security Issue
Addressed multiple vulnerability issues in Linux, MYSQL, DNS, NTP, OpenSSL, and other third parties,
as described in CVE-2013-1944, CVE-2013-4545, CVE-2014-0139, CVE-2014-9296, CVE-2015-0405,
CVE-2015-0423, CVE-2015-0433, CVE-2015-0438, CVE-2015-0439, CVE-2015-0441, CVE-2015-0500,
CVE-2015-0501, CVE-2015-0503, CVE-2015-0508, CVE-2015-1793, CVE-2015-2568, CVE-2015-2571,
CVE-2015-2573, CVE-2015-2575, CVE-2015-6335, CVE-2015-7855, and CVE-2015-7871.
CVE-2015-0423, CVE-2015-0433, CVE-2015-0438, CVE-2015-0439, CVE-2015-0441, CVE-2015-0500,
CVE-2015-0501, CVE-2015-0503, CVE-2015-0508, CVE-2015-1793, CVE-2015-2568, CVE-2015-2571,
CVE-2015-2573, CVE-2015-2575, CVE-2015-6335, CVE-2015-7855, and CVE-2015-7871.
Security Issue
Addressed an arbitrary script injection vulnerability allowing unauthenticated, remote attackers to
exploit GNU C library DNS resolution functionality, as described in CVE-2013-7423.
Security Issue
Addressed multiple vulnerabilities in OpenSSL that allowed external attacks on client connections,
as described in CVE-2014-8275 and CVE-2015-0204.
Security Issue
Addressed multiple cross-site scripting (XSS) and arbitrary HTML injection vulnerabilities, including
those described in CVE-2015-6353.
Security Issue
Addressed multiple vulnerability issues that generated denial of service in NTP, XML, OpenSSL, and
other third parties as described in CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702,
CVE-2015-7704, CVE-2015-7705, CVE-2015-7848, CVE-2015-7850, CVE-2015-7853.
CVE-2015-7704, CVE-2015-7705, CVE-2015-7848, CVE-2015-7850, CVE-2015-7853.
Security Issue
Addressed multiple arbitrary script injection vulnerabilities allowing unauthenticated, remote
attackers to exploit or overwrite functionality as described in CVE-2015-7703.