Cisco Firepower Management Center 4000 Release Notes
Version 5.2.0.6
Sourcefire 3D System Release Notes
Issues Resolved in Version 5.2.0.6
Issues Resolved in Previous Updates
Previously resolved issues are listed by version.
Version 5.2.0.5
• Security Issue: Eliminated a cross-site scripting (XSS) vulnerability (CVE-2014-2012) in the intrusion rule editor pages that could allow an attacker to access and disclose information, imitate user actions and requests, or execute arbitrary JavaScript. Special thanks to Liad Mizrachi, Check Point Security Research Team, for reporting this issue. (136539)
• Security Issue: Eliminated a cross-site request forgery (CSRF) vulnerability (CVE-2014-2011) in the User Configuration page that could allow an attacker to add or edit user accounts. Special thanks to Liad Mizrachi, Check Point Security Research Team, for reporting this issue. (136910)
• Security Issue: Eliminated a CSRF vulnerability (CVE-2014-2028) in the User Management page that could allow an attacker to activate, deactivate, edit, or delete user accounts. Special thanks to Liad Mizrachi, Check Point Security Research Team, for reporting this issue. (136913)
• Security Issue: Eliminated an XSS vulnerability (CVE-2014-2275) in the Scheduling page, Health Monitor page, and event viewers that could allow an attacker to access and disclose information, imitate user actions and requests, or execute arbitrary JavaScript. Special thanks to Adi Volkovitz, Check Point Security Research Team, for reporting this issue. (137849, 137852, 137855)
Version 5.2.0.4
• Resolved an issue where, in some cases, NAT rule validation failed if you configured a static NAT rule with an original destination network that overlapped the translated source network on a dynamic NAT rule in the same NAT policy. (131490)
• Resolved an issue where, after you selected Logarithmic as the Vertical Scale for the Intrusion Event dashboard widget, the system refreshed the widget and instead displayed the data using the default Linear Vertical Scale. (132203)
• Improved the stability of host data queries to the eStreamer client. (132239, 134244, 134295)
• Improved the stability of connection event processing if your correlation policy contained a rule based on a connection event and specified a NETBIOS Name rule condition. (132562)
• Resolved an issue where the eStreamer client omitted intrusion rule name metadata for intrusion events if you associated a Sourcefire-provided intrusion policy with an access control rule on a Defense Center running Version 5.2.0.2. (132667)