Cisco Cisco Firepower Management Center 2000 Notas de publicación
Version 5.3.0.2
Sourcefire 3D System Release Notes
27
Issues Resolved in Version 5.3.0.2
•
Security Issue
Eliminated an XSS vulnerability (CVE-2014-2012) in the
intrusion rule editor pages that could allow an attacker to access and
disclose information, imitate user actions and requests, or execute arbitrary
JavaScript. Special thanks to Liad Mizrachi Check Point Security Research
Team for reporting this issue. (136542)
•
Security Issue
Eliminated a cross-site request forgery (CSRF) vulnerability
(CVE-2014-2011) in the User Configuration page that could allow an attacker
to add or edit user accounts. Special thanks to Liad Mizrachi Check Point
Security Research Team for reporting this issue. (136911)
•
Security Issue
Eliminated a CSRF vulnerability (CVE-2014-2028) in the User
Management page that could allow an attacker to activate, deactivate, edit,
or delete user accounts. Special thanks to Liad Mizrachi Check Point
Security Research Team for reporting this issue. (136914)
•
Resolved an issue where the system provided incorrect speed data for fiber
interfaces with speeds of 4GB and faster. (137484)
•
Security Issue
Eliminated an XSS vulnerability (CVE-2014-2275) in the
Scheduling page, the Health Monitor page, and the event viewers that could
allow an attacker to access and disclose information, imitate user actions
and requests, or execute arbitrary JavaScript. Special thanks to Adi Volkovitz
Check Point Security Research Team for reporting this issue. (137850,
137853, 137856)
•
Resolved an issue where, after you disconnected and reconnected the fiber
interfaces on a Series 3 managed device, the system did not reestablish the
network connection. (138099)
Version 5.3
•
Improved the performance and stability of VPN. (116996, 119698, 123636)
•
Resolved an issue where modifying the device configuration on a clustered
stack and immediately applying the changes caused the apply to fail and the
system to display an error message in the task status queue. (121625)
•
Resolved an issue where, in some cases, installing a new intrusion rule
update caused custom intrusion rule classifications referenced by
correlation rules to revert to predefined classifications. (122163)
•
Resolved an issue where, in some cases, network discovery policies did not
function as expected if you applied two or more network discovery rules
constrained by the same zones and networks that were configured to
discover a different combination of hosts, users, and applications. (122853)
•
Resolved an issue where LDAP authentication could fail if the DNS entries
in your network environment for your LDAP server's hostname and IP
address did not match. (123447)
•
Resolved an issue where updates of the Sourcefire 3D System required
upwards of three hours on Series 3 appliances. (124148)
•
Resolved an issue where, in some cases, you could not edit a device group
if it contained an inactive managed device. (124286)