Cisco Cisco FirePOWER Appliance 8130 Notas de publicación
Version 5.2.0.8
Sourcefire 3D System Release Notes
21
Issues Resolved in Version 5.2.0.8
•
Security Issue
Eliminated a CSRF vulnerability (CVE-2014-2028) in the User
Management page that could allow an attacker to activate, deactivate, edit,
or delete user accounts. Special thanks to Liad Mizrachi Check Point
Security Research Team for reporting this issue. (136913)
•
Security Issue
Eliminated an XSS vulnerability (CVE-2014-2275) in the
Scheduling page, Health Monitor page, and event viewers that could allow
an attacker to access and disclose information, imitate user actions and
requests, or execute arbitrary JavaScript. Special thanks to Adi Volkovitz
Check Point Security Research Team for reporting this issue. (137849,
137852, 137855)
Version 5.2.0.4
•
Resolved an issue where, in some cases, NAT rule validation failed if you
configured a static NAT rule with an original destination network that
overlapped the translated source network on a dynamic NAT rule in the
same NAT policy. (131490)
•
Resolved an issue where, after you selected Logarithmic as the Vertical
Scale for the Intrusion Event dashboard widget, the system refreshed the
widget and instead displayed the data using the default Linear Vertical Scale.
(132203)
•
Improved the stability of host data queries to the eStreamer client. (132239,
134244, 134295)
•
Improved the stability of connection event processing if your correlation
policy contained a rule based on a connection event and specified a
NETBIOS Name rule condition. (132562)
•
Resolved an issue where the eStreamer client omitted intrusion rule name
metadata for intrusion events if you associated a Sourcefire-provided
intrusion policy with an access control rule on a Defense Center running
Version 5.2.0.2. (132667)
•
Improved system stability in cases where you applied an access control
policy revision that changed the file inspection options in an access control
rule. (132741)
•
Resolved an issue where setting the maximum transmission unit (MTU) of
an inline set on a Series 2 or a virtual device to a value below
1518
caused a
disruption in traffic. (134256)
Version 5.2.0.3
•
Resolved a NTP time synchronization issue between managed devices and
Defense Centers. (121909)
•
Resolved an issue where, in some cases, FireSIGHT rule state
recommendations did not generate if an intrusion rule variable contained a
network object. (125910)