NeXpose Release Feb 26, 2010

Document created by techeditor on Apr 7, 2011
Version 1

This Rapid7® NeXpose® release features improved PCI scanning, enhanced Windows Server 2008 patch coverage, and new vulnerability checks.


Improved PCI scanning

  • Increased scan accuracy of Oracle targets and more comprehensive vulnerability checks make NeXpose an even more effective PCI compliance tool, allowing detection of additional issues that may put your environment at risk.

Enhanced Windows Server 2008 patch coverage

  • Patch scanning for Windows Server 2008 and Windows Server 2008 R2 through Windows Management Instrumentation (WMI) enhances NeXpose coverage of software flaws in these Windows servers.

Bi-monthly vulnerability check update

  • New vulnerability and patch checks bring NeXpose up to date with recently announced vulnerabilities in Red Hat Enterprise Linux and Solaris environments, Oracle databases, Cisco devices, and Mozilla Firefox browsers, as well as Adobe Reader, Adobe Flash, and the Java Runtime Environment. These vulnerability and patch checks address software flaws that could allow hostile parties to take control of affected systems.


Vulnerability checks

  • APSB10-06 and APSB10-07: Adobe Reader and Flash Cross Domain Sandbox Restriction Bypass
  • APSB10-06: Adobe Flash Modified SWF file Application Crash
  • APSB10-07: Adobe Reader Unspecified Privilege Escalation
  • HTTP Basic Authentication Enabled
  • MFSA2010-01: Crashes with evidence of memory corruption
  • MFSA2010-02: Web Worker Array Handling Heap Corruption Vulnerability
  • MFSA2010-03: Use-after-free crash in HTML parser
  • MFSA2010-04: XSS due to window.dialogArguments being readable cross-domain
  • MFSA2010-05: XSS hazard using SVG document and binary Content-Type
  • MS08-075: Vulnerabilities in Windows Search Could Allow Remote Code Execution
  • MS09-049: Vulnerability in Wireless LAN AutoConfig Service Could Allow Remote Code Execution
  • MS09-063: Vulnerability in Web Services on Devices API Could Allow Remote Code Execution
  • MS10-009: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution
  • Nameserver Processes Recursive Queries
  • RHSA-2010:0101: security update
  • RHSA-2010:0102: flash-plugin security update
  • RHSA-2010:0103: flash-plugin security update
  • RHSA-2010:0108: NetworkManager security update
  • RHSA-2010:0109: mysql security update
  • RHSA-2010:0110: mysql security update
  • RHSA-2010:0111: kernel security update
  • RHSA-2010:0112: firefox security update
  • RHSA-2010:0113: seamonkey security update
  • RHSA-2010:0114: acroread security and bug fix update
  • RHSA-2010:0115: pidgin security update
  • Sun Patch: Sun Cluster 3.2: HA-Oracle E-business suite Patch for Solaris 10
  • Sun Patch: Sun Cluster 3.2: HA-Oracle E-business suite Patch for Solaris 9 *