Nexpose release announcements - May 2013

Document created by ryukhin on Jun 11, 2013
Version 1Show Document
  • View in full screen mode

To help you protect your environment against ever-evolving security threats Rapid7 releases coverage updates for Nexpose on a weekly basis. This page contains detailed announcements for the most recent Nexpose coverage releases:

This Rapid7® Nexpose® 5.6.4 release contains the following updates:                         

  • May 2013 Patch Tuesday checks
  • application improvements
  • scanning improvementss
  • new and updated checks

 

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

May 2013 Patch Tuesday checks | content

New vulnerability checks provide up-to-date Microsoft Patch Tuesday scan coverage for May 2013. For information about all current security bulletins covered in this release, see the Microsoft Security Bulletin Summary for May 2013. Use the checks in this update to verify that the latest Microsoft patches have been applied to system assets.

These checks help you determine where new risks are located in your environment, allowing you to prioritize what needs to be remediated and help minimize risk.

Application improvements | content

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • Solution summaries for Microsoft vulnerabilities are now identified by their corresponding Microsoft security bulletin IDs.
  • The PCI Executive Summary report now correctly displays all instances of Web directories within section 3b of the report (ASV special note type 1).

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • ColdFusion
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • Ubuntu/Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi

Scanning improvements | product

Better scan performance helps you to retrieve scan results more quickly with improved accuracy and more efficient use of resources:

  • Event log entries for Windows authentication now include the host names.
  • Scans are now authenticated properly on Ubuntu 10.04 and 12.04 targets with Telnet services enabled.

Product Update IDs

 

  • Linux 32 | Update ID: 3681583504
  • Linux 64 | Update ID: 2447484279
  • Windows 32 | Update ID:  923862196
  • Windows 64 | Update ID:  490567618

 

Content update ID

 

  • Update ID: 2195845136

Installers

  Released on April 24, 2013 (see the FAQ).

 

md5sum files

 

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:

 

 

 

 


This Rapid7® Nexpose® 5.6.3 release contains the following updates:

             

  • accuracy improvement
  • coverage improvements
  • scanning improvement
  • new and updated checks

 

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

Application improvement | product

A new Vulnerability Category has been added to include all advisories with an Information Assurance Vulnerability Management (IAVM) ID.

Scanning improvement | product

The Web Spider scan template configuration includes new parameters to improve scan times. You can now customize the values for Maximum retries for spider requests and Spider response timeout, for your environment.

Accuracy improvement | content

Adobe APSB13-03 (CVE-2013-0631) is now checked only as a potential vulnerability. This vulnerability will no longer be reported unless potential vulnerabilities are explicitly included in the applied scan template.

Coverage improvements | content

New coverage expands your visibility into assets and threats in your environments:

  • Vulnerability checks for target assets running Ubuntu operating systems have been added.
  • Coverage has been added for vulnerabilities related to CVE-2010-1886.

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • ColdFusion
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • Ubuntu/Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi

Product Update IDs

 

  • Linux 32 | Update ID: 4266890510
  • Linux 64 | Update ID: 1412768523
  • Windows 32 | Update ID:  2773394611
  • Windows 64 | Update ID:  2131990040

 

Content update ID

  • Update ID: 3477923781

Installers

  Released on April 24, 2013 (see the FAQ).

 

md5sum files

 

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:

 

 

 


This Rapid7® Nexpose® 5.6.2 release contains the following updates:

  • accuracy improvement
  • scanning improvement
  • new and updated checks

 

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

Accuracy improvement | product

Fingerprinting of Google Chrome Enterprise has been improved.

Scanning improvement | product

Scanning with SSH credentials is now faster on Sun Solaris targets running SunSSH.

Accuracy improvement | content

False positives have been corrected on the following targets:

  • Windows 8 and Server 2012 reported in Microsoft Security Bulletin MS12-074
  • Windows 2008 variants reported in Microsoft Security Bulletin MS13-036

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • ColdFusion
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi

Product Update IDs

 

  • Linux 32 | Update ID: 2702930801
  • Linux 64 | Update ID: 3667934434
  • Windows 32 | Update ID:  2367019147
  • Windows 64 | Update ID:  2362106062

 

Content update ID

 

  • Update ID: 2874511098

 

Installers

  Released on April 24, 2013 (see the FAQ).

 

md5sum files

 

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:

 

Attachments

    Outcomes