Metasploit Pro 4.3.0 Update 2012062001

Document created by todb Employee on Jun 20, 2012Last modified by ckirsch on Jun 20, 2012
Version 2Show Document
  • View in full screen mode

Summary

 

This weekly update brings nine new modules, including exploits for Boa HTTP Server, F5 BIG-IP, WordPress, Microsoft Internet Explorer, Lattice Semiconductor PAC-Designer, TFM MMPlayer, ComSndFTP, and EZHomeTech EzServer. Notably, the Internet Explorer exploit is unpatched at the time of this update's release.

 

In addition, this update also includes a fix for a cross-site scripting vulnerability in Metasploit's web UI. Thanks to Borja Merino for the vulnerability report.

 

New Modules

 

 

Bug Fixes

 

  • #6607 Web server properly shuts down after campaign stops
  • #6962 Reports now use custom names assigned by the user
  • #6974 Click on host tag to search for hosts
  • #6979 Error message for non-alphanumeric host tag is now more descriptive
  • #6986 Bruteforce log no longer shows hash
  • #6991 Report names accept underscores
  • #6992 Campaigns now save without stack trace error
  • #6993 Downloaded reports now use custom names assigned by user
  • #2503 Screenshots maintain original image size or is resized proportionately for the report (reporting enhancement)
  • #6436 IPv6 payloads are available for CMD payload exploits

 

How to Upgrade

 

Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.

 

Known Issues

 

After you update Metasploit Pro, the menu and update page may not display correctly. To resolve this issue, you must clear your browser's cache for user interface to load correctly. 


Version Information

 

PRO 4.3.0 2012061301 updates to 2012062001

MSF3 4.3.0 2012061301 updates to 2012062001

Attachments

    Outcomes