Nexpose release announcements - Oct 2013

Document created by Rebecca Carter on Oct 8, 2013. Last modified by Rebecca Carter on Nov 19, 2013. Version 5.

To help you protect your environment against ever-evolving security threats, Rapid7 releases coverage updates for Nexpose on a weekly basis. This page contains detailed announcements for the most recent Nexpose coverage releases:

 

For information on previous coverage releases go to Nexpose Release Notes (archive).

 

For information on the most recent full-feature release go to that Nexpose release announcement.

 

For details about restarting Nexpose after updating and other update information, see Nexpose release FAQ.

 


 

This Rapid7® Nexpose® 5.7.15 release contains the following update:

  • application improvements

 

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

 

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • ColdFusion
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • Ubuntu/Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi

Application improvement | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • The coverage settings for the built-in CIS scan template now include well-known UDP ports.
  • Alternative URIs for Oracle Solaris have been updated to correspond with the new Oracle support website hierarchy.

End-of-life for 32-bit installations

Rapid7 will end support for 32-bit versions of Nexpose on May 7, 2014, for both Windows and Linux operating systems. After that date, Rapid7 will not test Nexpose or provide bug fixes or technical support for Nexpose on 32-bit installations. For more information, see the end-of-life policy at http://www.rapid7.com/docs/end-of-life-policy.pdf.

Product Update IDs

 

  • Linux 32 | Update ID: 3495142919
  • Linux 64 | Update ID: 2806722769
  • Windows 32 | Update ID: 2663924852
  • Windows 64 | Update ID: 3907250358

 

Content update ID

 

  • Update ID: 1816678317

 

Installers

Released on October 16, 2013 (see the FAQ).

 

md5sum files

 

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:

 

 

Virtual Appliances

Released on October 16, 2013.

 

Download the Virtual Appliance Deployment Guide.


 

This Rapid7® Nexpose® 5.7.14 release contains the following updates:

  • accuracy improvement
  • scanning improvements
  • application improvement

 

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

 

Accuracy improvement | content

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

  • A false negative has been resolved for a vulnerability check that detects obsolete versions of the Oracle Database.
  • A false negative has been resolved for a vulnerability check that looks for IRDP being enabled on assets running Windows Vista or later.
  • The remediation information for disabling SSL v2 on Windows 2008 and Windows 2008 R2 now includes the updated Microsoft URL.

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • ColdFusion
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • Ubuntu/Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi

Scanning improvement | product

Better scan performance helps you to retrieve scan results more quickly with improved accuracy and more efficient use of resources:

  • Fingerprinting of Oracle Java on non-Windows platforms has been corrected. As a result, Oracle Java vulnerability checks now function properly for assets running non-Windows operating systems.

Application improvement | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • An issue that caused multiple instances of software packages with the same product and version names to be displayed when an asset is fingerprinted has been corrected.

End-of-life for 32-bit installations

Rapid7 will end support for 32-bit versions of Nexpose on May 7, 2014, for both Windows and Linux operating systems. After that date, Rapid7 will not test Nexpose or provide bug fixes or technical support for Nexpose on 32-bit installations. For more information, see the end-of-life policy at http://www.rapid7.com/docs/end-of-life-policy.pdf.

Product Update IDs

  • Linux 32 | Update ID: 3129289735
  • Linux 64 | Update ID: 161609325
  • Windows 32 | Update ID: 1578635649
  • Windows 64 | Update ID: 891450676

Content update ID

  • Update ID: 3038389507

Installers

Released on October 16, 2013 (see the FAQ).

md5sum files

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:

Virtual Appliances

Released on October 16, 2013.

Download the Virtual Appliance Deployment Guide.


This October 10th Rapid7® Nexpose® supplemental release contains the following update:

  • accuracy improvement

 

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

 

Accuracy improvement | content

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

  • False negatives have been resolved for Oracle Java checks on Windows assets.

End-of-life for 32-bit installations

Rapid7 will end support for 32-bit versions of Nexpose on May 7, 2014, for both Windows and Linux operating systems. After that date, Rapid7 will not test Nexpose or provide bug fixes or technical support for Nexpose on 32-bit installations. For more information, see the end-of-life policy at http://www.rapid7.com/docs/end-of-life-policy.pdf.

Update IDs, installer links, md5sum links, and virtual appliance links

 

Content update ID

 

  • Update ID: 1684688279

 

Installers

Released on September 25, 2013 (see the FAQ).

 

md5sum files

 

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:

 

 

Virtual Appliances

Released on August 21, 2013.

 

Download the Virtual Appliance Deployment Guide.


This Rapid7® Nexpose® 5.7.13 release contains the following updates:

  • October 2013 Patch Tuesday checks
  • application improvement
  • accuracy improvement
  • scanning improvements
  • coverage improvement
  • new and updated checks

 

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

October 2013 Patch Tuesday checks | content

New vulnerability checks provide up-to-date Microsoft Patch Tuesday scan coverage for October 2013. For information about all current security bulletins covered in this release, see the Microsoft Security Bulletin Summary for October 2013. Use the checks in this update to verify that the latest Microsoft patches have been applied to system assets.

These checks help you determine where new risks are located in your environment, allowing you to prioritize what needs to be remediated and help minimize risk.

 

Accuracy improvements | content

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

  • A false positive for the vulnerability announced in Microsoft Security Advisory 2718704 has been resolved on Windows 8 and Server 2012.

Coverage improvement | content

New coverage expands your visibility into assets and threats in

  • You can now scan Cisco IOS v15 networking devices for compliance against industry standard benchmarks. This improvement requires the most recent product update.

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • ColdFusion
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • Ubuntu/Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi

Application improvement | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • A bug fix ensures that users with certain permissions can save changes when editing a site.

Scanning improvement | product

Better scan performance helps you to retrieve scan results more quickly with improved accuracy and more efficient use of resources:

  • Scan results no longer show duplicate fingerprints for Mozilla and Adobe programs installed on Apple OS X assets.
  • Identical software fingerprints discovered through different methods no longer appear in scan results.

End-of-life for 32-bit installations

Rapid7 will end support for 32-bit versions of Nexpose on May 7, 2014, for both Windows and Linux operating systems. After that date, Rapid7 will not test Nexpose or provide bug fixes or technical support for Nexpose on 32-bit installations. For more information, see the end-of-life policy at http://www.rapid7.com/docs/end-of-life-policy.pdf.

Product Update IDs

  • Linux 32 | Update ID: 2024842847
  • Linux 64 | Update ID: 768916698
  • Windows 32 | Update ID: 2604739241
  • Windows 64 | Update ID: 3138825913

Content update ID

  • Update ID: 3522157798

Installers

Released on September 25, 2013 (see the FAQ).

md5sum files

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:

Virtual Appliances

Released on August 21, 2013.

Download the Virtual Appliance Deployment Guide.


 

This Rapid7® Nexpose® 5.7.12 release contains the following updates:

  • application improvements
  • accuracy improvement
  • scanning improvements
  • new and updated checks

 

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

Accuracy improvements | content

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

  • Only new fingerprints will show in discovered software fingerprint logs. Duplicate fingerprints for Adobe Flash have been removed.

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • ColdFusion
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • Ubuntu/Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi

Application improvement | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • An issue that prevented distributed scans from successfully completing if the Security Console restarted has been corrected.
  • An issue that caused sites to not save properly when adjacent IP ranges were defined has been corrected.
  • Large risk scores no longer cause asset group related API calls to fail.

Scanning improvement | product

Better scan performance helps you to retrieve scan results more quickly with improved accuracy and more efficient use of resources:

  • An authentication issue with arbitrary credentials over SSH v1.5 has been resolved.
  • MAC addresses are now properly extracted while performing authenticated scans of Cisco IOS devices with Telnet.
  • When performing authenticated scans of Cisco IOS devices exposing both Telnet and SSH, incorrect error logging has been corrected and occurrences of fingerprinting inconsistencies have been addressed.

End-of-life for 32-bit installations

Rapid7 will end support for 32-bit versions of Nexpose on May 7, 2014, for both Windows and Linux operating systems. After that date, Rapid7 will not test Nexpose or provide bug fixes or technical support for Nexpose on 32-bit installations. For more information, see the end-of-life policy at http://www.rapid7.com/docs/end-of-life-policy.pdf.

Product Update IDs

  • Linux 32 | Update ID: 3062318127
  • Linux 64 | Update ID: 653094495
  • Windows 32 | Update ID: 2287572754
  • Windows 64 | Update ID: 3589356091

Content update ID

  • Update ID: 2785242078

Installers

Released on September 25, 2013 (see the FAQ).

md5sum files

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:

Virtual Appliances

Released on August 21, 2013.

Download the Virtual Appliance Deployment Guide.

