Nexpose release announcements - June 2013

Document created by ryukhin on Jul 8, 2013

To help you protect your environment against ever-evolving security threats, Rapid7 releases coverage updates for Nexpose on a weekly basis. This page contains detailed announcements for the most recent Nexpose coverage releases.

 

For information on previous coverage releases, go to Nexpose Release Notes (archive).

 

For information on the most recent full-feature release, go to that Nexpose release announcement.

 

For details about restarting Nexpose after updating and other update information, see Nexpose release FAQ.


This Rapid7® Nexpose® 5.6.11 release contains the following updates:                                              

  • application improvement
  • coverage improvement
  • new and updated checks

 

 

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

 

Coverage improvement | content

Web Application vulnerabilities within Nexpose are now associated with the OWASP 2013 Top 10. Using the newly created OWASP_2013 vulnerability category, you can now run targeted scans of your environment and generate reports for targeted remediation of the top 10 issues in OWASP 2013.

 

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • ColdFusion
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • Ubuntu/Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi

Application improvement | product

An issue has been corrected for assets that did not appear correctly in reports after multiple discovery scans were performed on the same assets.

 

End-of-life for 32-bit installations

Rapid7 will end support for 32-bit versions of Nexpose on May 7, 2014, for both Windows and Linux operating systems. After that date, Rapid7 will not test Nexpose or provide bug fixes or technical support for Nexpose on 32-bit installations. For more information, see the end-of-life policy at http://www.rapid7.com/docs/end-of-life-policy.pdf.

 

Product Update IDs

 

  • Linux 32 | Update ID: 4279551245
  • Linux 64 | Update ID: 2093810779
  • Windows 32 | Update ID:  3561070470
  • Windows 64 | Update ID:  2905268015

 

Content update ID

 

  • Update ID: 3753090197

 

Installers

   Released on June 19, 2013 (see the FAQ).        

     

md5sum files      

      

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:

     

      

Virtual Appliances

   Released on May 29, 2013.

     

Download the Virtual Appliance Deployment Guide.


This Rapid7® Nexpose® 5.6.10 release contains the following updates:                                         

  • accuracy improvement
  • application improvements
  • scanning improvement
  • new and updated checks

 

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

Accuracy improvement | content

False positives for disabling TCP timestamps on Windows 2008 and 2008 R2 have been corrected to ensure better tracking of assets.

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • ColdFusion
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • Ubuntu/Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi

Application improvements | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • You can now configure response timeout settings when using an update proxy server to reliably download updates in your environment.
  • You no longer need Global Administrator permissions when using the API to view the scan history for your sites.
  • PCI reports have been enhanced to address special cases that result in an automatic failure, as required by the PCI ASV program guide. Vulnerabilities that are PCI special cases will now generate a special note indicating the reason for the automatic failure and, where applicable, the CVSS and severity scores will be adjusted to a minimum of 4.0 and medium, respectively.

Scanning improvement | product

Better scan performance helps you to retrieve scan results more quickly with improved accuracy and more efficient use of resources:

  • Fingerprinting now correctly identifies Windows RT assets.

End-of-life for 32-bit installations

Rapid7 will end support for 32-bit versions of Nexpose on May 7, 2014, for both Windows and Linux operating systems. After that date, Rapid7 will not test Nexpose or provide bug fixes or technical support for Nexpose on 32-bit installations. For more information, see the end-of-life policy at http://www.rapid7.com/docs/end-of-life-policy.pdf.

Product Update IDs

 

  • Linux 32 | Update ID: 2285951567
  • Linux 64 | Update ID: 229149024
  • Windows 32 | Update ID:  4106936706
  • Windows 64 | Update ID:  161756083

 

Content update ID

 

  • Update ID: 2423270634

 

Installers

   Released on June 19, 2013 (see the FAQ). 

 

md5sum files

 

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:

 

 

Virtual Appliances

   Released on May 29, 2013.

 

Download the Virtual Appliance Deployment Guide.


This Rapid7® Nexpose® 5.6.9 release contains the following updates:                                     

  • June 2013 Patch Tuesday checks
  • accuracy improvements
  • coverage improvements
  • scanning improvement
  • new and updated checks

 

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

June 2013 Patch Tuesday checks | content

New vulnerability checks provide up-to-date Microsoft Patch Tuesday scan coverage for June 2013. For information about all current security bulletins covered in this release, see the Microsoft Security Bulletin Summary for June 2013. Use the checks in this update to verify that the latest Microsoft patches have been applied to system assets.

These checks help you determine where new risks are located in your environment, allowing you to prioritize what needs to be remediated and help minimize risk.

Accuracy improvements | content

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

  • Descriptions for several Apache HTTPD vulnerabilities have been enhanced to provide more accurate information.
  • Descriptions for several Microsoft SharePoint vulnerabilities have been enhanced to provide more accurate information.
  • Fingerprinting of Cisco Wireless LAN Controllers running SSH has been improved.

Coverage improvement | content

New coverage expands your visibility into assets and threats in your environment:

  • A vulnerability check reported in Microsoft security bulletin MS12-054 has been improved to prevent false negatives on Windows hosts.

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • ColdFusion
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • Ubuntu/Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi

Accuracy improvement | product

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

  • Fingerprinting of Adobe AIR has been improved.

Scanning improvement | product

Better scan performance helps you to retrieve scan results more quickly with improved accuracy and more efficient use of resources:

  • In certain cases, known, valid SSH credentials previously failed the validation test; the test now returns a success message.

End-of-life for 32-bit installations

Rapid7 will end support for 32-bit versions of Nexpose on May 7, 2014, for both Windows and Linux operating systems. After that date, Rapid7 will not test Nexpose or provide bug fixes or technical support for Nexpose on 32-bit installations. For more information, see the end-of-life policy at http://www.rapid7.com/docs/end-of-life-policy.pdf.

Product Update IDs

 

  • Linux 32 | Update ID: 3041830382
  • Linux 64 | Update ID: 2938108654
  • Windows 32 | Update ID:  2240433959
  • Windows 64 | Update ID:  1026626417

 

Content update ID

 

  • Update ID: 3382239068

 

Installers

   Released on May 29, 2013 (see the FAQ).

 

md5sum files

 

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:

 

 

Virtual Appliances

   Released on May 29, 2013.

 

Download the Virtual Appliance Deployment Guide.


This Rapid7® Nexpose® 5.6.8 release contains the following updates:                

  • application improvements
  • scanning improvement
  • new and updated checks

 

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

Application improvements | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • The PCI Executive Summary and PCI Vulnerability Details reports have been improved to display tabular data that spans multiple pages more effectively.
  • SSH clients now properly validate the authentication of a credential.

Scanning improvement | product

Fingerprinting of HTTP services with WebDAV capabilities has been improved, resulting in more accurate results for WebDAV-related vulnerabilities.

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • ColdFusion
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • Ubuntu/Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi

End-of-life for 32-bit installations

Rapid7 will end support for 32-bit versions of Nexpose on May 7, 2014, for both Windows and Linux operating systems. After that date, Rapid7 will not test Nexpose or provide bug fixes or technical support for Nexpose on 32-bit installations. For more information, see the end-of-life policy at http://www.rapid7.com/docs/end-of-life-policy.pdf.

Product Update IDs

 

  • Linux 32 | Update ID: 3422324879
  • Linux 64 | Update ID: 2604348371
  • Windows 32 | Update ID:  689138504
  • Windows 64 | Update ID:  1120160647

 

Content update ID

 

  • Update ID: 905972808

 

Installers

   Released on May 29, 2013 (see the FAQ).

 

md5sum files

 

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:

 

 

Virtual Appliances

   Released on May 29, 2013.

 

Download the Virtual Appliance Deployment Guide.
