NeXpose Release December 18, 2009

Document created by techeditor on Apr 7, 2011
Version 1

Improved access to vulnerability risk scores for faster vulnerability remediation


  • Vulnerability listings are now displayed with risk scores in the NeXpose Security Console (NSC) Web interface. You can see the level of exposure each vulnerability represents immediately, even before you generate and print the full remediation report. This enhancement helps you prioritize your remediation projects more quickly.

 

Enhanced vulnerability checking for Web applications and Windows environments


  • All NeXpose scan templates now come with a setting for configuring the Web spider to test for persistent cross-site scripting (XSS) during a single scan. Detecting persistent XSS flaws in your Web applications enables you to reduce the risk of dangerous attacks via malicious code stored on Web servers. This setting appears as a check box on the Web Spidering page of every scan template. Note that this enhancement may significantly increase scan times, depending on the complexity of your Web applications. You may need to adjust the length of scheduled scan windows.
  • The NeXpose file checking process for MS Windows target environments has been modified to provide greater detection accuracy, further reducing the rate of false negatives.
  • Correlation content has been updated for better overall accuracy of scan results.

 

Improved scan engine updating allows updates while scans are still in progress


  • A NeXpose Scan Engine (NSE) can now be successfully updated while scans are still in progress. This enables you to ensure that all scan engines are running the most current versions of NeXpose without needing to interrupt scans in progress to complete the NSE update.

 

Additional APIs for easier scan engine management


  • New API functions enable you to remove NSEs that are no longer in use, modify settings for existing NSEs, and save configuration settings to set up new NSEs. Settings you can save to new NSEs include: name, priority, IP address, port for receiving console requests, and associated sites.

 

Vulnerability checks


  • Adobe Flash Arbitrary Filesystem Traversal Vulnerability
  • Adobe Flash Data Injection Vulnerability
  • Adobe Flash getProperty Memory Corruption Vulnerability
  • Adobe Flash JPEG Processing Heap Overflow Vulnerability
  • Adobe Flash Memory Corruption Vulnerability
  • Adobe Flash parseExceptionHandlers Integer Overflow Vulnerability
  • Adobe Reader Doc.media.newPlayer Memory Corruption Vulnerability
  • Expression Web 3 Service Pack 1 (KB976594)
  • JRE Audio and Image File Buffer and Integer Overflow Vulnerabilities
  • JRE DER Decoding and HTTP Header Denial of Service Vulnerability
  • JRE HMAC Digest Flaw
  • JRE Untrusted Application Privilege Escalation Vulnerability
  • MFSA2009-65: Firefox Browser Engine Code Execution Vulnerability
  • MFSA2009-65: Firefox Browser Engine Memory Corruption Vulnerability
  • MFSA2009-65: Firefox Browser Engine Remote Code Execution Vulnerability
  • MFSA2009-65: Firefox Javascript Engine Code Execution Vulnerability
  • MFSA2009-66: Firefox liboggplay Memory Corruption Vulnerability
  • MFSA2009-67: Firefox libtheora Integer Overflow Vulnerability
  • MFSA2009-68: Firefox NTLM Reflection Vulnerability
  • MFSA2009-69: Firefox SSL Spoofing Vulnerability
  • MFSA2009-69: Firefox URL Spoofing Vulnerability
  • MFSA2009-70: Firefox Chrome window.opener Privilege Escalation
  • MFSA2009-71: Firefox GeckoActiveXObj COM-Object Enumeration Vulnerability
  • RHSA-2009-1601: kdelibs security update
  • RHSA-2009-1615: xerces-j2 security update
  • RHSA-2009-1616: tomcat security update for Red Hat Network Satellite Server
  • RHSA-2009-1617: tomcat security update for Red Hat Network Satellite Server
  • RHSA-2009-1618: mod_jk security update for Red Hat Network Satellite Server
  • RHSA-2009-1619: dstat security update
  • RHSA-2009-1620: bind security update
  • RHSA-2009-1625: expat security update
  • RHSA-2009-1635: kernel-rt security, bug fix, and enhancement update
  • RHSA-2009-1636: JBoss Enterprise Application Platform 4.3.0.CP07 update
  • RHSA-2009-1637: JBoss Enterprise Application Platform 4.2.0.CP08 update
  • RHSA-2009-1642: acpid security update
  • RHSA-2009-1643: java-1.4.2-ibm security update
  • RHSA-2009-1646: libtool security update
  • RHSA-2009-1647: java-1.5.0-ibm security update
  • RHSA-2009-1648: ntp security update
  • RHSA-2009-1651: ntp security update
  • RHSA-2009-1657: flash-plugin security update
  • RHSA-2009-1658: flash-plugin security update
  • RHSA-2009-1659: kvm security and bug fix update
  • Sun Patch: Sun Management Center 3.6.1_x86: Patch for Solaris 10
  • Sun Patch: Sun Management Center 3.6.1_x86: Patch for Solaris 9
  • Sun Patch: Sun Management Center 4.0: Patch for Solaris 10
  • Sun Patch: Sun Management Center 4.0: Patch for Solaris 10_x86
  • Sun Patch: Sun Management Center 4.0: Patch for Solaris 8
  • Sun Patch: Sun Management Center 4.0: Patch for Solaris 9
  • Sun Patch: Sun Management Center 4.0: Patch for Solaris 9_x86
  • Sun Patch: Sun Ray Core Services version 4.1 Patch Update
  • Sun Patch: Sun Ray Core Services version 4.1 Patch Update SunOS 5.10_x86
  • Sun Patch: SunOS 5.10: wget patch
  • Sun Patch: SunOS 5.10_x86: kernel patch
  • Sun Patch: SunOS 5.10_x86: wget patch
