Nexpose release announcements - July-September 2012

Document created by kelly_shortt (Employee) on Feb 7, 2013. Last modified by ryukhin on Aug 2, 2013.
Version 2

Rapid7 July-September 2012
Release announcements

 

 

To help you protect your environment against ever-evolving security threats, Rapid7 releases coverage updates on a bi-monthly basis in 2012. This page contains detailed announcements for the July, August and September 2012 Nexpose releases.

 

For information on previous coverage releases go to Nexpose Community Release Notes.

For information on the most recent full-feature release go to that Nexpose release announcement.

For details about restarting Nexpose after updating and other update information, see Nexpose release FAQ.

 


This Rapid7® Nexpose® 5.4.6 release features an improvement to the installer.

        

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the third FAQ.

          

Installer improvement | product

 

A local security issue related to service paths that contain a space on Windows has been corrected in new installations. Existing installations will be automatically updated. Credit Daniel Compton at NCC Group for reporting the security issue.


Product Update IDs

  
  • Linux 32 | Update ID: 1026023046
  • Linux 64 | Update ID: 3425200873
  • Windows 32 | Update ID: 1973976939
  • Windows 64 | Update ID: 2158637302

Installers
    

  Released on September 26, 2012 (see the sixth FAQ).                 

md5sum files
      

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:      

 



This Rapid7® Nexpose® 5.4.5 release features new and updated checks and improvements to scan accuracy and the installer.                                      

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the third FAQ.

    

Checks for Internet Explorer flaws | content

New checks detect Internet Explorer vulnerabilities reported in Microsoft's out-of-band security bulletin published on September 21, 2012. For more information, go to http://technet.microsoft.com/en-us/security/bulletin/ms12-sep.

      

Bi-monthly vulnerability check update | content

      

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

      

  • Adobe
    • AIR
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • VMware
    • ESX
    • ESXi

    

These checks help prevent security breaches that could allow hostile parties to take control of affected systems, gain access to confidential data, disrupt business operations, or cause other problems.

      

Accuracy improvements | product      

 

Accuracy improvements help you to assess your security posture and prioritize remediation efforts more effectively.

 

  • A corrected defect eliminates false positives for checks related to JBoss Enterprise Middleware on Red Hat Enterprise Linux.
  • A vulnerability check for anonymous FTP uploads has been improved to eliminate false positives in certain cases.
  • Checks are better at detecting enabled auto-complete fields that contain sensitive data. This can improve the accuracy of Web spider scans.

 

Installer improvements | product

 

  • The application's installer now correctly recognizes Ubuntu 12.04 64-bit as a supported platform.
  • The executable path for the application's service on new and existing Windows installations is now escaped.

 

Product Update IDs

  • Linux 32 | Update ID: 1368253711
  • Linux 64 | Update ID: 19767449
  • Windows 32 | Update ID: 1457451167
  • Windows 64 | Update ID: 1083694375

Content update ID

  • Update ID: 976958579

Installers
      

  Released on August 29, 2012 (see the sixth FAQ).                   

md5sum files
        

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:        

 



This Rapid7® Nexpose® 5.4.4 release contains the following updates:

    

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the third FAQ.


Fingerprinting improvement | product

 

Windows 8 is now fingerprinted to help you track assets better, provide a more comprehensive software inventory, and present more accurate information on vulnerabilities.


September 2012 Patch Tuesday checks | content


New vulnerability checks provide up-to-date Microsoft Patch Tuesday scan coverage for September 2012. For information about all current security bulletins covered in this release, see the Microsoft Security Bulletin Summary for September 2012. Use the checks in this update to verify that the latest Microsoft patches have been applied to system assets.


PCI scan template improvement | content


The built-in PCI scan template has been optimized for better scan performance over the Internet.


Usability improvement | content


The URLs used in solutions for Oracle Java vulnerabilities now use stable locations so that you can get the supplemental solution information you need to remediate vulnerabilities.

Bi-monthly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • VMware
    • ESX
    • ESXi

Product Update IDs
    

  • Linux 32 | Update ID: 4208174427
  • Linux 64 | Update ID: 3083650041
  • Windows 32 | Update ID: 2577751786
  • Windows 64 | Update ID: 3920227632


Content update ID

  • Update ID: 226205366

Installers
      

Released on August 29, 2012 (see the sixth FAQ).                   

md5sum files
        

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:        

 



This Rapid7® Nexpose® 5.4.3 release contains the following updates:          

                      

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the third FAQ.

 

Fingerprinting improvement | product

 

Improved fingerprinting for IBM, HP, NRG, Lexmark, and Avery Dennison printer equipment helps you to track these assets better and present more accurate information on vulnerabilities.

 

Coverage improvements | product

 

A false positive for CVE-2012-1667 on ISC BIND 9.6.x versions has been resolved.

 

Engine connection improvements | content

 

A bug fix ensures that connections to hosted engines can recover when network disruptions occur.

                                

Bi-monthly vulnerability check update | content                        

        

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

        

  • Adobe
    • AIR
    • Flash
    • Reader
    • Shockwave
  • Apache
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • BIND
  • CentOS
  • Cisco devices
  • IBM AIX
  • Java Runtime Environment
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSL
  • Oracle Linux
  • PHP
  • Red Hat Enterprise Linux
  • Solaris
  • VMware

      

These checks help prevent security breaches that could allow hostile parties to take control of affected systems, gain access to confidential data, disrupt business operations, or cause other problems.

          

Product Update IDs
    

      

  • Linux 32 | Update ID: 3569510860
  • Linux 64 | Update ID: 2590433423
  • Windows 32 | Update ID: 2578497124
  • Windows 64 | Update ID: 584601965

Content update ID

  • Update ID: 4099580436

 

Installers
      

  Released on August 29, 2012 (see the sixth FAQ).          

        

md5sum files
        

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:        

 



This Rapid7® Nexpose® 5.4.2 release contains the following updates:      

                   

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the third FAQ.

 

Improved content coverage | content    

  • The Web spider's cross-site scripting detection has been improved.
  • A cipher compatibility issue on some HTTPS sites has been corrected.


Product Update IDs
      

  • Linux 32 | Update ID: 3983323007
  • Linux 64 | Update ID: 1797354783
  • Windows 32 | Update ID: 1256232639
  • Windows 64 | Update ID: 1112223627
        

Content update ID

    

  • Update ID: 2576960358
          

Installers
      

  Released on August 8, 2012 (see the sixth FAQ).                   

md5sum files
        

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:        

 



This Rapid7® Nexpose® 5.4.1 release contains the following updates:      

                  

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the third FAQ.

 

Fingerprinting improvement | product

 

Fingerprinting improvements help you track assets better, provide a more comprehensive software inventory, and present more accurate information on vulnerabilities.

  • Improved fingerprinting for a number of devices.
  • Fingerprinting of Microsoft Host Integration Server.

 

False positives on Microsoft hotfixes | content

False positives, as reported in Microsoft Security Bulletins MS12-047 and MS12-041, have been corrected to ensure better tracking of security assets.

 

Vulnerability checks for August 2012 Patch Tuesday exposures | content

 

New vulnerability checks provide up-to-date Microsoft Patch Tuesday scan coverage for August 2012. For information about all current security bulletins covered in this release, see the Microsoft Security Bulletin Summary for August 2012. Use the checks in this content update to verify that the latest Microsoft patches have been applied to system assets.

                              

Bi-monthly vulnerability check update | content                    

    

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

    

  • Adobe
    • AIR
    • Flash
    • Reader
    • Shockwave
  • Apache
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • BIND
  • CentOS
  • Cisco devices
  • IBM AIX
  • Java Runtime Environment
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSL
  • Oracle Linux
  • PHP
  • Red Hat Enterprise Linux
  • Solaris
  • VMware

  

These checks help prevent security breaches that could allow hostile parties to take control of affected systems, gain access to confidential data, disrupt business operations, or cause other problems.

        

Product Update IDs

 

  • Linux 32 | Update ID: 3360177378
  • Linux 64 | Update ID: 4038634561
  • Windows 32 | Update ID: 463528989
  • Windows 64 | Update ID: 4134169422

    

Content update ID
    

                    

  • Update ID: 4122285428

      

Installers
  

  Released on July 25, 2012 (see the sixth FAQ).      

    

md5sum files
    

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:    

 



This Rapid7® Nexpose® 5.4 release includes new features and improvements for IPv6 scanning, vulnerability category filtering in reports, Advanced Policy customization, and numerous other enhancements.
                 
These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. See the fourth FAQ.

 

 

Remember to clear your browser cache after applying this update!

If you have made any changes to your Nexpose license, such as adding new features, restart your Security Console after applying this update.


IPv6 coverage | product

Security coverage now expands to IPv6 environments

You can now scan assets and networks with IPv6 addresses for vulnerabilities and misconfigurations. IPv6 may present another attack vector in your environment that you may not be aware of, so IPv6 coverage can expand your visibility into those threats.

Also, when scanning an IP address, the application now discovers and displays any additional addresses for that asset. For example, you may be aware of an asset's IPv4 address, which you have added to a site configuration. If the asset has any additional IP addresses, such as an IPv6 address that you're not aware of, the application discovers it and displays it along with other detailed information about that asset. This allows you to scan the newly discovered address and extend your visibility into the security and risk in your environment.

This ability to discover additional addresses enriches filtered asset searches: Using the new Other IP address filter, you can find assets with known IPv4 addresses that also have previously undiscovered IPv6 addresses. Or you can find assets with known IPv6 addresses that also have previously undiscovered IPv4 addresses. New fields that are available in CSV export allow you to export this data as well. Finding these assets allows you to track and scan all addresses associated with them for greater breadth of coverage.


Reporting | product & content

Vulnerability category filtering reduces reporting “noise”

When configuring reports, you can now filter vulnerabilities based on vulnerability categories. With this ability, you can produce reports with sharper focus on specific security issues to give your remediation teams the exact information they need to do their jobs and eliminate the "noise" of extraneous vulnerabilities. For example, you can generate reports that only include Adobe vulnerabilities. Or you can also exclude certain categories, such as for a particular application for which you have a patch program in place. When you generate a report, sections with filtered vulnerabilities are marked as such. See the user's guide for all report sections that can display filtered vulnerabilities.


In support of this expanded filtering capability, vulnerability categories have been increased and refined for more granular groupings of vulnerabilities. Scan template configurations also benefit from this improved categorization, so that scans can target more specific security flaws.

The API also supports vulnerability category filtering in reports.

For more information about changes in Nexpose related to this feature, see Changes to vulnerability categories.


Configuration assessment | product

Policy customization addresses specific compliance needs

You can now create custom policies based on FDCC or USGCB configuration policies that are provided with the application, depending on your license. This allows you to tailor policies to ensure that the unique security requirements in your environment are being adhered to. For example, you can customize a policy for the number of incorrect logon attempts that trigger a lockout by your authentication service. To begin customizing a built-in FDCC or USGCB policy, simply click the Copy icon for that policy. The policy editor in the Web interface features an easy-to-navigate "tree" hierarchy of policies and their constituent groups, sub-groups, and rules. You can also search a policy to easily find the rules that you want to modify.


NOTE: Policy editing is a separately licensable option and requires the Advanced Policy Engine to be enabled. To discuss pricing and upgrade options, contact your account representative.


Scan performance and accuracy | product

Scan improvements enhance performance and accuracy

  • A new Defeat Rate Limit control, available in the Discovery Performance page of the scan template configuration panel, enforces the Minimum Packets Per Second rate setting when scan targets impose rate limitations. This can enhance scan performance.
  • You can now enable the Web spider to determine if authentication forms accept commonly used user names and passwords. This practice is included in Risk category A3 (Broken Authentication and Session Management) of the OWASP Top 10 Web Application Security Risks for 2010.
  • For most scan templates, the initial timeout interval and packets-per-second rates have been tuned to optimize scan speeds.
  • Authenticated scans of Windows hosts perform more efficiently when high numbers of scan threads are in use.
  • You now have better visibility into scanning results while asset discovery is in progress. Assets are scanned for vulnerabilities and policy compliance as soon as they are discovered.
  • Scan results are now integrated into the database more efficiently. The improvement is especially noticeable with large scan result sets on Security Consoles that do not enable the display of incremental scan results.
  • For scans that are scheduled to repeat, the Security Console verifies that a preceding scan job has completed before starting the next scan job. This ensures that the data from the preceding job is properly integrated into the database. If the preceding job has not completed by the time the next job is scheduled to start, an error message appears in the scan log.
  • A scheduled scan job picks up any changes made to the related scan template before it starts, ensuring that the scan runs with your intended configuration settings.
  • A bug fix ensures that scans do not use ICMP in the asset discovery phase if ICMP, TCP, and UDP asset discovery are disabled in the scan template.
  • When restarting, the Scan Engine now automatically cleans up temporary files that may have been left over from a failed scan. This prevents unnecessary use of disk space.


Security content updates since 5.3

  • We have released checks for more than 1,900 vulnerabilities since the 5.3 release.
  • Coverage improvements since 5.3 include the following:
    • Fingerprinting for Microsoft Visual Basic for Applications (Core) and Visual Basic for Applications software development kit (SDK) has been added.
    • Fingerprinting for Microsoft Groove Server 2010 and Groove Server 2007 has been added.
    • Fingerprinting for Microsoft Office Web Apps 2010 has been added.
  • In total, Nexpose now performs more than 92,000 checks for more than 31,000 vulnerabilities.


Usability | product

A number of improvements make it easier to use the Web interface for better productivity:

  • When an idle session expires, the Security Console displays a logon window. To continue the session, simply log on again. You will not lose any unsaved work, such as configuration changes.
  • A bug fix ensures that you can change which assets are included in a dynamic site by editing the site configuration. In the Assets page of a dynamic site configuration, you can click the Change connections or filters button to change asset membership, and the Security Console loads the appropriate page for this function.
  • Scan Engine names now appear in alphanumeric order in the drop-down list for site configurations. This makes it easier for you to find a Scan Engine to assign to a site.
  • Pages of the Security Console Web interface render in your browser more efficiently, so that you can view and use pages without having to wait for them to display properly.
  • The SANS Top 20 column has been removed from vulnerability tables in the Web interface. The data source for this listing is no longer maintained, so its information is no longer up to date. The SANS Top 20 report template is still available.
  • The Security Console now generates charts more efficiently.
  • Non-administrative users can now locate assets they have permission to view by operating system.
  • When you click the button to refresh Scan Engines, the Security Console explicitly refreshes only the Scan Engines currently displayed in the table. This reduces confusion and makes it clear that to refresh additional Scan Engines, you need to display them first. Also, a bug fix ensures that you can refresh all Scan Engines in a table if the table's display setting is All.


Platforms and browsers | product

  • Support for the Ubuntu 12.04 LTS 64-bit operating system expands your installation options.
  • You can now run Nexpose components on hosts with IPv6 addresses, increasing your deployment options.
  • The application now automatically supports new versions of the Google Chrome browser as they are released. This means that you can use the Security Console Web interface on any new version of Chrome.


Other improvements | product

  • The database has been optimized to reduce disk space consumption on the Security Console host.
  • If your license includes the ability to scan any asset, the Licensing page in the Security Console Web interface now displays the correct number of maximum Scan Engines, maximum assets, and maximum assets that can be scanned with hosted Scan Engines, according to your license.


Changes to vulnerability categories

How are vulnerability categories changing?

Prior to the Nexpose 5.4 release, there were 59 different vulnerability categories that could be used to customize scanning and be displayed in reports. We are increasing the categories to over 145 unique choices. Some existing categories will be removed or renamed. Other categories will retain their names but have changed definitions. A full list of vulnerability categories is available here.

Why is this change happening?

We will be adding more refined reporting capability in 5.4, and this change is required to support this improvement. The categories will be more accurate and provide granular scanning and reporting for improved analysis and remediation.

What if I previously created a custom scan template and selected vulnerabilities “By Category”?

Check to see if the categories you selected have been renamed or removed.

  • If your categories have been renamed: You will need to select the new categories in the template configuration.
  • If your categories have been removed: If they are important to you, please let us know so that we can consider providing continued support in a future release.

How will reports be affected?

Reports that contain vulnerability categories will be affected, and you may see new or renamed categories.

If you have any questions or concerns, please send an e-mail to Support@Rapid7.com.


Product update IDs

  • Linux 32 | Update ID: 3739755199
  • Linux 64 | Update ID: 3823314337
  • Windows 32 | Update ID: 3952838706
  • Windows 64 | Update ID: 2395429073
      

Content update IDs

  • Update ID: 3474929631

Installers

  Released on August 8, 2012 (see the sixth FAQ).

md5sum files

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:        

 



This Rapid7® Nexpose® 5.3.6 release contains the following updates:

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the third FAQ.

 

Fingerprinting improvement | product


Fingerprinting improvements help you track assets better, provide a more comprehensive software inventory, and present more accurate information on vulnerabilities.

  • A modification to the MySQL fingerprinter allows it to find instances running on non-standard ports.

                            

Bi-monthly vulnerability check update | content  

  

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

    

  • Adobe
    • AIR
    • Flash
    • Reader
    • Shockwave
  • Apache
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • BIND
  • CentOS
  • Cisco devices
  • IBM AIX
  • Java Runtime Environment
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSL
  • Oracle Linux
  • PHP
  • Red Hat Enterprise Linux
  • Solaris
  • VMware

  

These checks help prevent security breaches that could allow hostile parties to take control of affected systems, gain access to confidential data, disrupt business operations, or cause other problems.

 

Product Update IDs

  • Linux 32 | Update ID: 3050743341
  • Linux 64 | Update ID: 3111493823
  • Windows 32 | Update ID: 3734103518
  • Windows 64 | Update ID: 3177966435

      

Content update ID
    

  • Update ID: 4043742893

                

Installers

  Released on July 25, 2012 (see the sixth FAQ).      

  

md5sum files
  

  Download the appropriate md5sum file to ensure that the installer was not corrupted during download:  

 



This Rapid7® Nexpose® 5.3.5 release contains the following updates:

                

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the third FAQ.

 

Fingerprinting improvements | product

 

Fingerprinting improvements help you track assets better, provide a more comprehensive software inventory, and present more accurate information on vulnerabilities.

  • Fingerprinting for Microsoft Groove Server 2010 and Groove Server 2007 has been added.
  • Fingerprinting for Microsoft Office Web Apps 2010 has been added.

Vulnerability checks for July 2012 Patch Tuesday exposures | content

 

New vulnerability checks provide up-to-date Microsoft Patch Tuesday scan coverage for July 2012. For information about all current security bulletins covered in this release, see the Microsoft Security Bulletin Summary for July 2012. Use the checks in this content update to verify that the latest Microsoft patches have been applied to system assets.

                            

Bi-monthly vulnerability check update | content  

  

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  

  • Adobe
    • AIR
    • Flash
    • Reader
    • Shockwave
  • Apache
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • BIND
  • CentOS
  • Cisco devices
  • IBM AIX
  • Java Runtime Environment
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSL
  • Oracle Linux
  • PHP
  • Red Hat Enterprise Linux
  • Solaris
  • VMware

  

These checks help prevent security breaches that could allow hostile parties to take control of affected systems, gain access to confidential data, disrupt business operations, or cause other problems.

 

Product Update IDs
    

  
  • Linux 32 | Update ID: 1639441452
  • Linux 64 | Update ID: 3460158554
  • Windows 32 | Update ID: 2742076796
  • Windows 64 | Update ID: 310552393
      

Content update ID
      

                      
  • Update ID: 3677417628

 


