NeXpose Release May 2, 2011

Document created by mburstein Employee on Jun 7, 2011Last modified by mburstein Employee on Nov 1, 2011
Version 2Show Document
  • View in full screen mode

Rapid72011-05-02 content and product updates
                  Pre-release announcement


This Rapid7® NeXpose® 4.11.4 release features improved scanning and fingerprinting and updated checks.


These release notes document what's new in the next NeXpose release. Your NeXpose installation will automatically download and install content updates. If you have enabled NeXpose to install product updates, it will do so as well. See the third FAQ.


Improved vulnerability information | content

Better vulnerability information helps you understand, and respond to, security issues:
  • Remediation descriptions have been updated for all Microsoft Windows versions for a vulnerability related to the display of the most recently entered user name on logon screens.
  • Improved remediation information for disabling TCP timestamps on Windows platforms helps you to keep these platforms more secure.
  • Improved display of information for a now-obsolete check for a vulnerability reported in Microsoft Security Bulletin MS10-018 ensures that assets with that vulnerability appear as expected in the Web interface.
  • Solution information for Cisco IOS vulnerabilities now covers the most recently released version.

Bi-monthly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:    
  • Adobe Flash
  • Adobe Reader
  • Apache
  • Apple QuickTime
  • CentOS
  • Cisco devices
  • Java Runtime Environment
  • Mozilla Firefox
  • OpenSSL
  • PHP
  • Red Hat Enterprise Linux
  • Solaris
  • VMware
These checks help prevent security breaches that could allow hostile parties to take control of affected systems, gain access to confidential data, disrupt business operations, or cause other problems.

Broader scope and better performance for Web scanner | product

The Web Application scanner now features broader coverage for XPATH injection vulnerabilities and better performance due to HTTP response caching. These improvements mean faster and more comprehensive scan results for Web assets.    

Fingerprinting improvements | product

Fingerprinting improvements provide better identification and tracking of assets:
  • The product selects a UDP port randomly for IP stack OS fingerprinting when scanning with this setting enabled and UDP port scanning disabled in the scan template.
  • The product now features improved storage and analysis of the banner for service and OS fingerprinting when encountering non-UTF-8 data obtained from telnet banners on some targets.
  • The product identifies all installed versions of Oracle JRE for complete coverage of this platform.
  • The product no longer fingerprints Adobe Font Pack as Adobe Reader.
  • The product features improved handling of the following fingerprinting scenarios:  
    • A target returns unexpected data in "ICMP port unreachable" messages in response to a port scan or IP stack fingerprinting.
    • A target returns unexpected, non-option data in IP or TCP option fields in response to a port scan or IP stack fingerprinting.
    • A target returns incomplete, but otherwise valid, IP or TCP options in response to a port scan or IP stack fingerprinting.
    • A target sends a large, unexpected, but perfectly valid, TCP ISN in response to a port scan or IP stack fingerprinting.

Scanning improvements | product

Scanning improvements provide better security coverage:
  • The product now features better management of resources for analyzing responses to TCP probes against TCP services.
  • When running remote checks, the product constrains Unix-specific checks to run only on UNIX targets.
  • A check for a vulnerability related to escape characters on Microsoft IIS runs only on affected versions.
  • A check for a vulnerability related to authentication method disclosure on Microsoft Windows IIS runs only on unaffected versions.

Frequently asked questions (FAQs)

  • How will I know NeXpose has updated with this specific release?
    All updates are listed on the News page of the NeXpose Security Console Web interface.
  • Why doesn’t the most recent date on the News page match the dates of the current updates on the Administration page?
    You may occasionally notice that the most recent date on the News page does not match the dates of the current updates listed on the NeXpose Security Console administration page. The dates on the News page are official release dates. The dates on the console page indicate when updates were actually applied to your NeXpose installation.
  • What are content updates, and what are product updates?
    Content updates include new checks for vulnerabilities, patch verification, and compliance with security policies. Product updates include performance improvements, bug fixes, and new features in NeXpose.
  • Why are installers not updated with every release?
    To help you stay on top of an ever-growing number of security threats, Rapid7 makes the delivery of new security content timely and convenient.  After installation and first-time start-up, NeXpose continues to update itself dynamically. This makes it unnecessary for Rapid7 to update installers  with every release of security content. So, you don't have to download installers every time new content is available.
  • Does this dynamic self-updating cause NeXpose to restart?
    Yes. You may notice NeXpose taking longer to start for the first time after installation. You may also notice it restarting more than once as it completes a required sequence of updates.
  • Where can I get more information about this release?
    Interact with the Rapid7 Community by joining our e-mail list, registering on the Wiki, and joining us on the Rapid7 IRC Channel. For more information, go to
Rapid7: Recipient of Highest Ranking in Vulnerability Management 2010
from Gartner and Forrester: