Nexpose release announcements - April 2013

Document created by ryukhin on Apr 29, 2013. Last modified by ryukhin on Jun 4, 2013.

To help you protect your environment against ever-evolving security threats, Rapid7 releases coverage updates on a weekly basis. This page contains detailed announcements for the April 2013 Nexpose coverage releases:

For information on previous coverage releases, go to Nexpose Release Notes (archive). For information on the most recent full-feature release, go to that Nexpose release announcement. For details about restarting Nexpose after updating and other update information, see Nexpose release FAQ.

This Rapid7® Nexpose® 5.5.19 release contains the following updates:
  • application improvement
  • accuracy improvement
  • scanning improvement
  • new and updated checks
These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

Application improvement | product

You can now properly generate Certificate Signing Requests when the Security Console is configured in FIPS mode.

Accuracy improvement | content

Adobe Acrobat is now properly fingerprinted to provide a more comprehensive software inventory, and present more accurate information on vulnerabilities.

Scanning improvement | content

A new template has been added to provide a full audit scan of your environment without Web scanning to reduce scan times and improve scheduling.

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:
  • Adobe
    • AIR
    • ColdFusion
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi

Product Update IDs

  • Linux 32 | Update ID: 2200818707
  • Linux 64 | Update ID: 2683655779
  • Windows 32 | Update ID: 4169228198
  • Windows 64 | Update ID: 3812946272

Content update ID

  • Update ID: 3884094731

Installers

Released on April 17, 2013 (see the FAQ).

md5sum files

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:

This Rapid7® Nexpose® 5.5.18 release contains the following updates:
  • April 2013 Patch Tuesday checks
  • accuracy improvements
  • coverage improvements
  • new and updated checks
These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

April 2013 Patch Tuesday checks | content

New vulnerability checks provide up-to-date Microsoft Patch Tuesday scan coverage for April 2013. For information about all current security bulletins covered in this release, see the Microsoft Security Bulletin Summary for April 2013. Use the checks in this update to verify that the latest Microsoft patches have been applied to system assets. These checks help you determine where new risks are located in your environment, allowing you to prioritize what needs to be remediated and help minimize risk.

Application improvements | product

The PCI Executive Summary report has been updated to include SNMP in the list of discovered remote access services.

Accuracy improvements | content

A vulnerability check for CVE-2013-0631, mentioned in Adobe security bulletin APSB13-03, has been improved to work properly against HTTP/HTTPS targets that return redirects for all requests. This helps you to assess your security posture and prioritize remediation more effectively.

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:
  • Adobe
    • AIR
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi

Product Update IDs

  • Linux 32 | Update ID: 3333802160
  • Linux 64 | Update ID: 1814807859
  • Windows 32 | Update ID: 3539934016
  • Windows 64 | Update ID: 1687504624

Content update ID

  • Update ID: 3653541492

Installers

Released on March 20, 2013 (see the FAQ).

md5sum files

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:

This Rapid7® Nexpose® 5.5.17 release contains the following updates:
  • accuracy improvements
  • coverage improvements
  • new and updated checks
These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

Accuracy improvements | product

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:
  • Vulnerability checks that examine HTTP headers in response to HTTP requests have been improved to indicate what headers were inspected.
  • Check proofs for various ActionScript vulnerabilities have been improved to include the vulnerable URL in the results, so that tools that analyze scan logs and reports can uniquely identify instances of these vulnerabilities.

Accuracy improvements | content

Fingerprinting improvements help you track assets better, provide a more comprehensive software inventory, and present more accurate information on vulnerabilities.
  • Fingerprinting of Cisco IOS devices has been improved to favor more accurate SNMP system fingerprints over less accurate HTTP and SSH fingerprints when assets have these services exposed.
  • Fingerprinting of Citrix NetScaler devices using NTP has been improved, resulting in more accurate system fingerprints for devices exposing this service.

Coverage improvements | content

New coverage expands your visibility into assets and threats in your environment:
  • Coverage for the Adobe ColdFusion vulnerability mentioned in the Adobe security bulletin APSB13-03 has been added.
  • Vulnerability checks have been added for recent Ruby on Rails serialization vulnerabilities as described in CVE-2013-0156 and CVE-2013-0333.

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:
  • Adobe
    • AIR
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi

Product Update IDs

  • Linux 32 | Update ID: 3156996678
  • Linux 64 | Update ID: 3482461478
  • Windows 32 | Update ID: 589516358
  • Windows 64 | Update ID: 3084978769

Content update ID

  • Update ID: 510921328

Installers

  Released on March 20, 2013 (see the FAQ).

md5sum files

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:
