Nexpose release announcements - October 2013

Document created by rebecca carter Employee on Nov 5, 2013
Version 1Show Document
  • View in full screen mode

To help you protect your environment against ever-evolving security threats Rapid7 releases coverage updates for Nexpose on a weekly basis. This page contains detailed announcements for the most recent Nexpose coverage releases:


For information on previous coverage releases go to Nexpose Release Notes (archive).


For information on the most recent full-feature release go to that Nexpose release announcement.


For details about restarting Nexpose after updating and other update information, see Nexpose release FAQ.


This Rapid7® Nexpose® 5.7.13 release contains the following update:

  • application improvement
  • accuracy improvements
  • scanning improvement
  • new and updated checks


These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

Accuracy improvements | content

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

  • A false positive for MySQL vulnerability CVE-2012-0553 on Red Hat assets has been resolved.
  • Scans of assets that run PHP 5.3.x no longer return false positives for the following vulnerabilities: CVE-2007-1411, CVE-2007-1888, CVE-2012-2336, CVE-2012-2386, and CVE-2012-3450.
  • A false positive for Apache HTTPD vulnerability CVE-2012-0883 on Red Hat assets has been resolved.

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • ColdFusion
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Debian GNU/Linux
  • Google Chrome
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • Ubuntu/Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi

Application improvement | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • Reports containing assets that have operating system fingerprints with identical certainties now accurately include all instances of the fingerprints.

Scanning improvement | product

Better scan performance helps you to retrieve scan results more quickly with improved accuracy and more efficient use of resources:

  • The CPCA protocol on Canon assets is now properly fingerprinted.

End-of-life for 32-bit installations

Rapid7 will end support for 32-bit versions of Nexpose on May 7, 2014, for both Windows and Linux operating systems. After that date, Rapid7 will not test Nexpose or provide bug fixes or technical support for Nexpose on 32-bit installations. For more information, see the end-of-life policy at

Update IDs, installer links, md5sum links, and virtual appliance links are added to this announcement on the release date.

Product Update IDs


  • Linux 32 | Update ID: 988581904
  • Linux 64 | Update ID: 863082471
  • Windows 32 | Update ID: 312138886
  • Windows 64 | Update ID: 1569633144


Content update ID


  • Update ID: 1727134326


Released on September 25, 2013 (see the FAQ).


md5sum files


Download the appropriate md5sum file to ensure that the installer was not corrupted during download:



Virtual Appliances

Released on September 25, 2013.


Download the Virtual Appliance Deployment Guide.