NeXpose Release July 26, 2010 (Content)

Document created by techeditor on Apr 7, 2011
Version 1

This release features updated vulnerability coverage.


Additional default account checks

  • New checks for default account user names and passwords address a high-risk security issue. The product flags default credentials as vulnerabilities, since attackers can easily exploit such credentials to gain access to sensitive assets.


Bi-monthly vulnerability check update

  • New vulnerability and patch checks bring the product up to date with recently announced vulnerabilities in the following operating systems and applications:
    o Red Hat Enterprise Linux
    o CentOS
    o Solaris
    o Cisco devices
    o Mozilla Firefox
    o Adobe Reader
    o Adobe Flash
    o Java Runtime Environment
    These vulnerability and patch checks address software flaws that could allow hostile parties to take control of affected systems.


Vulnerability checks

The release includes the following vulnerability checks:


  • Cisco IOS Hard-Coded SNMP Community Name Vulnerability
  • Cisco IOS HTTP access with Cisco/Cisco credentials
  • Cisco IOS HTTP access with cisco/cisco credentials
  • Cisco IOS HTTP access with null/cisco credentials
  • Cisco IOS HTTP access with root/Cisco credentials
  • Cisco IOS HTTP access with root/cisco credentials
  • RHSA-2010:0503: acroread security update
  • CESA-2010:0504: kernel security and bug fix update
  • CESA-2010:0528: avahi security update
  • CESA-2010:0534: libpng security update
  • FTP access with admin/null credentials
  • FTP access with admin/passwd credentials
  • FTP access with admin/password credentials
  • FTP access with administrator/null credentials
  • FTP access with administrator/passwd credentials
  • FTP access with administrator/password credentials
  • RHSA-2010:0504: kernel security and bug fix update
  • RHSA-2010:0528: avahi security update
  • RHSA-2010:0534: libpng security update
  • CESA-2010:0505: perl-Archive-Tar security update
  • CESA-2010:0519: libtiff security update
  • CESA-2010:0520: libtiff security update
  • CESA-2010:0533: pcsc-lite security update
  • RHSA-2010:0505: perl-Archive-Tar security update
  • RHSA-2010:0519: libtiff security update
  • RHSA-2010:0520: libtiff security update
  • RHSA-2010:0533: pcsc-lite security update
  • Oracle CPU July 2010: OLAP
  • RHSA-2010:0518: scsi-target-utils security update
  • RHSA-2010:0521: gfs-kmod security update
  • Sun Patch: CDE 1.5_x86: ToolTalk patch
  • Sun Patch: CDE 1.6: ToolTalk RPC patch
  • Sun Patch: CDE 1.6_x86: ToolTalk RPC patch
  • MySQL ExtractValue() and UpdateXML() Scalar XPath Denial of Service
  • Oracle CPU July 2010: Export
  • Oracle CPU July 2010: Network Layer