Nexpose release announcements - February 2013

Document created by ryukhin on Mar 12, 2013. Last modified by ryukhin on Apr 29, 2013.
Version 4

To help you protect your environment against ever-evolving security threats, Rapid7 releases coverage updates on a weekly basis. This page contains detailed announcements for the February 2013 Nexpose coverage releases:

 

For information on previous coverage releases, go to Nexpose Release Notes (archive).

For information on the most recent full-feature release, go to that Nexpose release announcement.

For details about restarting Nexpose after updating and other update information, see Nexpose release FAQ.

 


This Rapid7® Nexpose® 5.5.10 release contains the following updates:

  • February 2013 Patch Tuesday checks
  • new and updated fingerprints

 

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

 

February 2013 Patch Tuesday checks | content

 

New vulnerability checks provide up-to-date Microsoft Patch Tuesday scan coverage for February 2013. For information about all current security bulletins covered in this release, see the Microsoft Security Bulletin Summary for February 2013. Use the checks in this update to verify that the latest Microsoft patches have been applied to system assets.

 

New and updated fingerprints | product

 

New fingerprints help you track assets and vulnerabilities in your environment:

  • Palo Alto Panorama devices via SNMP (new)
  • Palo Alto devices using HTTP and HTTPS (new)
  • Adobe Shockwave ActiveX plugin over WMI (updated)

 

Weekly vulnerability check update | content

 

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

 

  • Adobe
    • AIR
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi

 

These checks help you determine where new risks are located in your environment, allowing you to prioritize what needs to be remediated and help minimize risk.

 

End-of-life for Windows 2003 support

 

Rapid7 has scheduled end-of-life for Windows 2003 support in Nexpose as of February 15, 2013. After that date, Rapid7 will not test Nexpose or provide bug fixes or technical support for Nexpose on this operating system. For more information, see the end-of-life policy at http://www.rapid7.com/docs/end-of-life-policy.pdf.

 

Product Update IDs

 

  • Linux 32 | Update ID: 3573309994
  • Linux 64 | Update ID: 548886240
  • Windows 32 | Update ID: 4060110150
  • Windows 64 | Update ID: 3618659825

 

Content update ID

 

  • Update ID: 2750589620

 

Installers

 

  Released on February 6, 2013 (see the FAQ).

md5sum files

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:

 

 


This Rapid7® Nexpose® 5.5.9 coverage release contains the following updates:

  • fingerprinting improvements
  • coverage improvements
  • new and updated checks

 

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

Fingerprinting improvements | product

Improvements to the fingerprints for the Adobe Shockwave plug-in for Firefox and Chrome on Windows help you track assets and vulnerabilities in your environment.

 

New and updated checks | content

The following new and updated Common Vulnerabilities and Exposures (CVE) checks improve and expand security coverage:

  • JBoss
    • CVE-2010-1428
    • CVE-2010-1429
    • CVE-2010-073
  • Universal Plug and Play (UPnP)
    • CVE-2013-0229
    • CVE-2013-0230
    • CVE-2012-5958
    • CVE-2012-5959

 

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi

 

These checks help you determine where new risks are located in your environment, allowing you to prioritize what needs to be remediated and help minimize risk.

 


This Rapid7® Nexpose® 5.5.11 release contains the following updates:

  • updated fingerprints
  • coverage improvement
  • scanning improvement

 

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

 

Updated fingerprints | product

 

Updated fingerprints help you track assets and vulnerabilities in your environment:

  • Adobe Reader MUI
  • Cisco WAAS devices

 

Coverage improvement | product

 

False positives for common UNIX security vulnerabilities on NIS slaves have been corrected to ensure better tracking of security assets.

 

Scanning improvement | content

 

Vulnerability correlation is now enabled by default in all relevant scan templates to help you prioritize your remediation efforts more effectively.

 

Weekly vulnerability check update | content

 

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

 

  • Adobe
    • AIR
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi

 

These checks help you determine where new risks are located in your environment, allowing you to prioritize what needs to be remediated and help minimize risk.

 

Product Update IDs

  • Linux 32 | Update ID: 2095768988
  • Linux 64 | Update ID: 4087279281
  • Windows 32 | Update ID: 443624357
  • Windows 64 | Update ID: 3485166406

 

Content update ID

  • Update ID: 3664511567

 

Installers

  Released on February 6, 2013 (see the FAQ).

md5sum files

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:


This Rapid7® Nexpose® 5.5.12 release contains the following updates:

  • scan monitoring improvement
  • scanning improvement
  • Web spidering improvement

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

 

Scan monitoring improvement | product

The monitoring of scans in progress now encompasses additional scan-processing activities to provide more accurate status.

 

Scanning improvement | content

All built-in scan templates, except for those used for PCI scanning, are no longer set to spider printers by default. By omitting these problematic devices, scans can complete faster with more actionable results.

 

Web spidering improvement | content

A fix addresses an issue in which the Web spider incorrectly rewrote certain URLs. This improvement eliminates false positives in Web spidering results.

 

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi

These checks help you determine where new risks are located in your environment, allowing you to prioritize what needs to be remediated and help minimize risk.

 

Product Update IDs

  • Linux 32 | Update ID: 51666262
  • Linux 64 | Update ID: 3130954903
  • Windows 32 | Update ID: 3601898035
  • Windows 64 | Update ID: 1480239834


Content update ID

  • Update ID: 2503059416


Installers

  Released on February 20, 2013 (see the FAQ).


md5sum files

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:

