Nexpose 5.4 vulnerability category changes

File uploaded by mglinski (Employee) on Aug 7, 2012. Last modified by mglinski (Employee) on Aug 7, 2012.
Version 2

The Nexpose 5.4 release changes the vulnerability categories: new categories have been added, some category names have changed, some category definitions have changed, and some categories have been removed. This PDF lists all vulnerability categories as of the 5.4 release (August 8, 2012).


The categories have been grouped into 5 major classes: vendor (e.g. Apple), vendor + product (e.g. Apple QuickTime), product class (e.g. Database, Browsers), vulnerability type (e.g. CSRF, Remote Execution), and protocol (e.g. HTTP, CIFS).


Future changes to vulnerability categories will happen in content updates as well as product updates. To view the most current version of the categories, open any Scan Template and go to Vulnerability Checks. Then, in the Selected Checks section, expand "By Category" and you'll be able to see all possible vulnerability categories. Just click "Add Categories".