Release date: October 19, 2021
These release notes describe the new features, improvements, and fixed issues in Kiwi Syslog Server 9.8. They also provide information about upgrades and describe workarounds for known issues.
If you are looking for previous release notes for Kiwi Syslog Server, see Previous Version documentation.
New features and improvements
Kiwi Syslog Server 9.8 offers new features and improvements compared to previous versions of Kiwi Syslog Server
Microsoft SQL Server 2019 support
Kiwi Syslog Server now supports and successfully writes messages to the Microsoft SQL Server 2019 database.
New Internet Information Server (IIS) webserver for Kiwi Web Access
The UltiDevWebServer has been deprecated and Kiwi Syslog Server now leverages Internet Information Server (IIS) to provide modern and secure web service.
Support for SNMPv3 credentials
Kiwi Syslog Server now supports functionality for adding and removing SNMPv3 user credentials, including values for username, authentication password, private password, algorithms, and security level. See fixed issues below for more details.
Licensing framework upgrade
Kiwi Syslog Server 9.8 offers the latest SolarWinds licensing framework to be using in conjunction with SolarWinds logging.
Updated jQuery library
The jQuery library used in Kiwi Syslog Server has been updated to version 3.6.0.
Removal of .NET versions 2.0 and 3.5
Kiwi Syslog Server will no longer require and operate on the .NET 2.0 and 3.5 frameworks to improve security of customer sessions and cookies. See fixed issues below for more details.
New customer installation
For information about installing Kiwi Syslog Server, see the Kiwi Syslog Server Installation Guide.
After installation, see the Kiwi Syslog Server Getting Started Guide for implementation and troubleshooting guidelines. The guide walks you through common configuration tasks to help you get up and running quickly.
How to upgrade
If you are upgrading from an earlier version, use the Kiwi Syslog Server Upgrade Guide to plan and implement an upgrade to Kiwi Syslog Server9.8.
Fixed issues in KSS 9.8
KSS 9.8 fixes the following issues.
|N/A||The KiwiSyslogLicensor.exe application is now digitally signed.|
|00179952, 00815565, 00490222||SNMPv3 credentials are now exported appropriately without crashing the service.|
|00202438, 00296403, 00376967, 00864855, 00864855, 00254325, 00389680, 00220030||UTF-8 symbols now display correctly in action and text fields.|
|00744921, 00759402, 00820497||The HTTP security header is now detectable.|
|00799858, 00871069, 00798372||The Windows unquoted path vulnerability has been resolved. See CVEs below.|
|N/A||The License Manager version 126.96.36.1992 now loads correctly.|
|00589979||The session identifier is now updated and resolves the potential vulnerability. See CVEs below.|
|00820497, 00669111||The HTTP TRACK and TRACE vulnerabilities have been resolved. See CVEs below.|
|00625071||Software versions are no longer viewable in the HTTP header.|
|00775510, 00788703, 00792253, 00841628, 00767612, 00841066, 00844947, 00896711||Users are now able to save filters from the Events tab.|
|00746439, 00740074, 00747488, 00747419, 00750586, 00752088, 00753175, 00752132, 00755082, 00746654, 00747625, 00749786, 00746328, 00753257, 00744039,||Users with Kiwi CatTools 3.11.8 are now able to continue the Kiwi Syslog Server setup process.|
|00640200||.NET CLR no longer presents a potential FIPS vulnerability. See CVEs below.|
|00711054, 00737175, 00773411, 00802805, 00641765, 00641360, 00710850, 00748954, 00764883, 00818115, 00874516, 00881358, 00789612||Users no longer receive the HttpUnhandledException error while attempting to access the Events tab in the Web Access portal.|
|00688130, 00779774, 00861151, 00683475, 00709991, 00753162, 00704103, 00837374, 00903887||Users are now able to import filters appropriately in the Kiwi Web Access portal.|
|00667753||The script to pass custom variables now works as expected.|
|00743108, 00762258, 00865670||Users no longer lose Priority information while spoofing with Npcap.|
|00744054||Npcap spoofing no longer fails if "hostname" is used as a destination.|
|00773496, 00809603||Users are now able to reset passwords in the Admin tab in the Web Access portal.|
|00780022||Russian language files are no longer detected in the installation package.|
|00863789||In the Forward to another host action, the options for New Facility and New Level are now correctly named.|
SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.
|CVE-2021-35233||HTTP TRACK & TRACK Methods Enabled Vulnerability||The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that use these methods by returning exact HTTP request that was received in the response to the client. This may lead to the disclosure of sensitive information such as internal authentication headers appended by reverse proxies.||Medium||N/A|
|CVE-2021-35235||ASP.NET Debug Feature Enabled||
The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.1. ASP.NET allows remote debugging of web applications, if configured to do so. Debug mode causes ASP.NET to compile applications with extra information. The information enables a debugger to closely monitor and control the execution of an application.
If an attacker could successfully start a remote debugging session, this is likely to disclose sensitive information about the web application and supporting infrastructure that may be valuable in targeting SWI with malicious intent.
|CVE-2021-35236||Missing Secure Flag From SSL Cookie||The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.1. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted requests. If the application can be accessed over both HTTP, there is a potential for the cookie can be sent in clear text.||Low||N/A|
A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking.
Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server. This is an attack on both the user and the server.
|CVE-2021-35231||Unquoted Path Vulnerability (SMB Login)||
As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry.
Example vulnerable path:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Kiwi Syslog Server\Parameters\Application
End of life
See the End of Life Policy for information about SolarWinds product lifecycle phases. For supported versions and EoL announcements for all SolarWinds products, see Currently supported software versions.
© 2021 SolarWinds Worldwide, LLC. All rights reserved.
This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.
SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.