Blog Posts For 2022

Version 3.6

STIG Spider was synchronized with DISA's 2022 Q4 SRG-STIG Library Compilation.

Version 3.5

STIG Spider was synchronized with DISA's 2022 Q3 SRG-STIG Library Compilation.

Version 3.4

STIG Spider is now four years old! STIG Spider was synchronized with DISA's 2022 Q2 SRG-STIG Library Compilation and updated Control Correlation Identifier (CCI) information released April 5, 2022.

Version 3.3

STIG Spider was updated to address upstream vulnerabilities:

  • CVE-2022-24464 Microsoft is aware of a Denial of Service vulnerability, which exists in .NET 6.0, .NET 5.0, and .NET CORE 3.1 when parsing certain types of http form requests.
  • CVE-2022-24512 A Remote Code Execution vulnerability exists in .NET 6.0, .NET 5.0, and .NET Core 3.1 where a stack buffer overrun occurs in .NET Double Parse routine.

Version 3.2

STIG Spider was updated to address upstream vulnerabilities:

  • CVE-2022-21986 A Denial-of-Service vulnerability exists in .NET 5.0 and .NET 6.0 where Kestrel overpooling of HTTP/2 and HTTP/3 request headers may lead to denial of service.

Version 3.1

STIG Spider was synchronized with DISA's 2022 Q1 SRG-STIG Library Compilation.