product & content updates
This Rapid7® Nexpose® 5.6.6 release includes new features and improvements in reporting, compatibility, accuracy, scanning, and scan data.
These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.
Reporting | product
Vulnerability trend template
A new report template shows key vulnerability trends, so that you can easily track your security posture and the success of your remediation efforts over time. Trends include assets scanned, vulnerabilities discovered, vulnerability age, severity levels, and exploit and malware kit exposures. Learn more about the template and download it at Three-month Vulnerability Trend report in Nexpose. Then upload it using the Security Console Web interface. Find other report templates in Security Street at .
Compatibility improvements| product
New supported platforms
You can now run the application on the following newly supported Microsoft operating systems:
- Windows 8 64-bit
- Windows Server 2012 64-bit
IE rendering issue resolved on intranets
The Security Console Web interface now displays properly in Microsoft Internet Explorer when the Security Console is hosted on an intranet site.
Accuracy improvements | product & content
Improvements to how scan result data is displayed give you a clearer view of the risk in your environment:
- In specific situations, we have improved the way that we correlate assets and aggregate vulnerability data for those assets. As duplicate information has been removed, you may notice a small decrease in asset, vulnerability, and malware kit counts in your Web interface and reports.
- The vulnerability check for CVE-2013-0631 in Adobe ColdFusion no longer produces false positives on systems that return an HTTP 200 status code for all pages
Application improvements | product
Improvements to the application help you manage vulnerability exceptions better:
- Deleting a vulnerability exception for an asset in certain situations no longer removes other exceptions that were applied to the same asset.
Scanning improvements | product & content
Better scan performance helps you to retrieve scan results more quickly with improved accuracy and more efficient use of resources:
- The Web spider now consistently avoids sensitive devices like printers if configured to do so in scan templates.
- The vulnerability check for the availability of insecure SSL/TLS ciphers now reports all available insecure ciphers rather than just the first.
Policy scanning improvements
Improvements to policy scanning help you track your compliance more effectively:
- Not Applicable (NA) policy scan results are now recorded more efficiently in the scan log.
- Adjustments to Common Platform Enumerator (CPE) restrictions in XCCDF benchmarks prevent policy checks from being run on targets for which their operating systems are not applicable.
Reporting improvements | product
The PCI Executive Summary report now includes PPTP in the list of discovered remote access services for more complete reporting coverage.
Database upgrade | product
The PostgreSQL database has been upgraded to version 9.0.13 for performance and security improvements. After applying this product update, the Security Console will restart in Maintenance Mode to apply the PostgreSQL changes and then restart again to resume normal operations.
End-of-life for 32-bit installations
Rapid7 will end support for 32-bit versions of Nexpose on May 7, 2014, for both Windows and Linux operating systems. After that date, Rapid7 will not test Nexpose or provide bug fixes or technical support for Nexpose on 32-bit installations. For more information, see the end-of-life policy at http://www.rapid7.com/docs/end-of-life-policy.pdf.
Product Update IDs
- Linux 32 | Update ID: 936662221
- Linux 64 | Update ID: 2484041413
- Windows 32 | Update ID: 757860716
- Windows 64 | Update ID: 1532648331
Content update ID
Installers Released on May 29, 2013 (see the FAQ).
Download the appropriate md5sum file to ensure that the installer was not corrupted during download:
Virtual Appliances Released on May 29, 2013.
Download the Virtual Appliance Deployment Guide.