Cisco Cisco FirePOWER Appliance 7030 Notas de publicación
Version 5.2.0.9
Sourcefire 3D System Release Notes
15
Issues Resolved in Version 5.2.0.9
•
Resolved an issue where, if you configured a custom table populated with
data from either the correlation events table or the applications table, then
selected Source IP as a common field, updates to Version 5.3 failed.
(135735/CSCze89511)
•
Improved memory usage of the Sourcefire Data Correlator.
(135868/CSCze89437, 138800/CSCze91288)
•
Improved the performance of the Rule Management page (Policies >
Correlation > Rule Management). (137905/CSCze91247)
•
Resolved an issue where, if you created a backup file for configuration data,
the system included extraneous geolocation data and increased the size of
the backup file. (137976/CSCze90600)
•
Resolved an issue where the system provided incorrect speed data for fiber
interfaces with speeds of 4GB and faster. (138072/CSCze90543)
•
Resolved an issue where, if you applied an access control rule with
end-of-connection logging enabled on a Series 3 managed device, large
quantities of traffic caused system issues. (139931/CSCze91584)
•
Improved the firmware on 8000 Series and 3D9900 devices to optimize
resource usage for packet processing. (140166/CSCze91569)
•
Resolved an issue where, in rare cases, the system generated health alert
emails containing indecipherable messages. (140442/CSCze92157)
•
Resolved an issue where scheduled vulnerability database (VDB) updates
failed if Greenwich Mean Time (GMT, also known as UTC) was not your local
time zone. (140464/CSCze91826)
•
Resolved an issue where, if you registered more than 100 managed devices
to a Defense Center, the Defense Center experienced system issues.
(140512/CSCze92416)
•
Resolved an issue where creating a new scheduled task on the Scheduling
page (System > Tools > Scheduling) caused the system to display an
authorization error message. (140556/CSCze92060)
Version 5.2.0.5
•
Security Issue
Eliminated a cross-site scripting (XSS) vulnerability
(CVE-2014-2012) in the intrusion rule editor pages that could allow an
attacker to access and disclose information, imitate user actions and
requests, or execute arbitrary JavaScript. Special thanks to Liad Mizrachi
Check Point Security Research Team for reporting this issue. (136539)
•
Security Issue
Eliminated a cross-site request forgery (CSRF) vulnerability
(CVE-2014-2011) in the User Configuration page that could allow an attacker
to add or edit user accounts. Special thanks to Liad Mizrachi Check Point
Security Research Team for reporting this issue. (136910)
•
Security Issue
Eliminated a CSRF vulnerability (CVE-2014-2028) in the User
Management page that could allow an attacker to activate, deactivate, edit,
or delete user accounts. Special thanks to Liad Mizrachi Check Point
Security Research Team for reporting this issue. (136913)