Nexpose Release Notes - October 2014

Document created by S Tempest (Employee) on Nov 4, 2014. Last modified by S Tempest (Employee) on Nov 4, 2014.

To help you protect your environment against ever-evolving security threats Rapid7 releases coverage updates for Nexpose on a weekly basis. This page contains detailed announcements for the October 2014 Nexpose coverage releases:


   

   

This Rapid7® Nexpose® 5.11.2 release contains the following improvements:

  • coverage improvements

                                                       

Recurring coverage | content

                                                       

New and updated vulnerability checks help you protect your environment against the latest threats. See all the operating systems and applications covered by these updates.

                                                     

To access the portal and start creating and sharing ideas, visit: https://rapid7support.force.com/customers/ideas/ideaList.apexp. Login information for the new eSupport Portal will arrive today in a separate e-mail. If you do not receive an e-mail, please contact your account manager.

 

Installer links, md5sum links, and virtual appliance links

Click here for the latest installer links, md5sum links, and virtual appliance links.

FAQ

For details about restarting Nexpose after updating and other update information, see Nexpose release FAQ.

  


This Rapid7® Nexpose® 5.11.1 release contains the following improvements:

  • scanning improvements
  • coverage improvement
  • accuracy improvement
  • application improvements

Scanning improvements | content & product

Better scan performance helps you to retrieve scan results more quickly with improved accuracy and more efficient use of resources:

  • Improve your scan performance with Scan Engine pooling! Pooling allows you to distribute a scan amongst a pool of engines for load balancing and fault tolerance. Once configured with your sites, Scan Engine pooling can lead to faster scans, fewer delays due to failures, and more control over your scan environment.
    [Screenshot: 5.11.1_1.jpg]
  • Improvements have been made to the scalability and performance of the Security Console. These new enhancements can significantly decrease all of your scan times and reduce memory consumption by allowing an increase in maximum parallel workload.

Coverage improvements | content & product

New coverage expands your visibility into assets and threats in your environment:

  • Coverage has been added for the NAT-PMP exposures described in R7-2014-17.

Accuracy improvements | content & product

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

  • Service fingerprinting for HTTP, SSH, and SNMP has been improved.

Application improvements | product

 

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • An issue that caused the CVE-ID Asset Filter to not return assets with vulnerabilities found on certain ports was corrected.
  • The page for a scan now more accurately displays its current progress. You can now view which assets are in progress and which assets are completed. You can also see the current status of completed assets.
    [Screenshot: 5.11.1_2.jpg]
  • The Scan Engine used for a scan is now shown in the Past Scans table on the Global Scan History page. This new feature allows you to quickly find which Scan Engines are associated with scans so you can diagnose and troubleshoot scan issues.
  • You can now schedule when updates to the application will be applied. You can use this feature to minimize the impact that updates have on your services. For example, you can schedule your updates to happen during downtime to avoid interruptions to normal scan schedules.
    [Screenshot: 5.11.1_3.jpg]

                              

Recurring coverage | content

                              

New and updated vulnerability checks help you protect your environment against the latest threats. See all the operating systems and applications covered by these updates.

Product Update IDs

 

  • Linux 64 | Update ID: 1086634312
  • Windows 64 | Update ID: 1395866322

 

Content update

 

  • Update ID: 947714849

 

Installer links, md5sum links, and virtual appliance links

 

Click here for the latest installer links, md5sum links, and virtual appliance links.


FAQ

For details about restarting Nexpose after updating and other update information, see Nexpose release FAQ.


   

 

This Rapid7® Nexpose® 5.10.15 release contains the following improvements:

  • POODLE coverage
  • Patch Tuesday checks
  • coverage improvements
  • accuracy improvements
  • application improvements

 

POODLE Coverage

 

  • Coverage has been added for the POODLE vulnerability (CVE-2014-3566), which affects the SSL protocol version 3.0.
  • In response to the POODLE vulnerability (CVE-2014-3566), the Security Console has been modified to reject HTTPS connections that use SSL version 3.0 protocol. The console will only support connections that use TLS 1.0, TLS 1.1, and TLS 1.2 protocols.

     

    All browsers supported by the Security Console use TLS 1.0 and later; however, for older HTTPS clients that are not able to use this protocol, you can configure the console to accept connections over SSL version 3.0 by creating or editing the CustomEnvironment.properties file.

    Add the following line to the CustomEnvironment.properties file located at [INSTALLATION_PATH]/nsc/CustomEnvironment.properties:

        com.rapid7.nexpose.nsc.sslEnabledProtocols=TLSv1,TLSv1.1,TLSv1.2,SSLv3

    You can also configure the console to accept connections that use SSLv23 by adding the following line to the same CustomEnvironment.properties file instead:

        com.rapid7.nexpose.nsc.sslEnabledProtocols=TLSv1,TLSv1.1,TLSv1.2,SSLv3,SSLv2Hello

    If the file does not exist, create it in the specified location.

    Important: Restart the Security Console to apply this change.
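Re-enabling SSLv3 this way reopens the POODLE exposure on the console itself, so it is worth auditing the file after the compatibility window closes. The following is an added example, not Rapid7's code: it parses a CustomEnvironment.properties file and reports whether the sslEnabledProtocols key turns SSLv3 or the SSLv2-compatible hello back on. The file path and the sample file contents are constructed for illustration.

```python
import re
from pathlib import Path

KEY = "com.rapid7.nexpose.nsc.sslEnabledProtocols"
# Protocols the console supports by default after the POODLE change (5.10.15 notes).
DEFAULT_PROTOCOLS = {"TLSv1", "TLSv1.1", "TLSv1.2"}
# Values of the key that re-open the POODLE exposure (SSLv3) or accept the
# SSLv2-compatible client hello (SSLv2Hello).
WEAK_PROTOCOLS = {"SSLv3", "SSLv2Hello"}


def parse_properties(text: str) -> dict:
    """Minimal Java .properties parser: 'key=value' or 'key:value' lines,
    '#' and '!' comment lines, surrounding whitespace stripped, last key wins."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def enabled_protocols(props: dict) -> set:
    """Protocol set from the key; an absent key means the console default (TLS only)."""
    value = props.get(KEY)
    if value is None:
        return set(DEFAULT_PROTOCOLS)
    return {p.strip() for p in value.split(",") if p.strip()}


def weak_protocols_enabled(text: str) -> set:
    """Return the weak protocol names the file turns on (empty set = hardened)."""
    return enabled_protocols(parse_properties(text)) & WEAK_PROTOCOLS


# Constructed sample: the SSLv23 compatibility override still in place.
SAMPLE_WEAK = """# CustomEnvironment.properties (constructed example)
com.rapid7.nexpose.nsc.sslEnabledProtocols=TLSv1,TLSv1.1,TLSv1.2,SSLv3,SSLv2Hello
"""
# Constructed sample: override removed, so only the default TLS versions apply.
SAMPLE_HARDENED = "# override removed, console default applies\n"

if __name__ == "__main__":
    # Placeholder path; falls back to the constructed sample when it does not exist.
    path = Path("[INSTALLATION_PATH]/nsc/CustomEnvironment.properties")
    text = path.read_text() if path.exists() else SAMPLE_WEAK
    weak = weak_protocols_enabled(text)
    print("weak protocols enabled:" if weak else "hardened (TLS only)", sorted(weak))
```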

 

October Patch Tuesday checks | content

New vulnerability checks provide up-to-date Microsoft Patch Tuesday scan coverage for October 2014. For information about all current security bulletins covered in this release, see the Microsoft Security Bulletin Summary for October 2014. Use the checks in this update to verify that the latest Microsoft patches have been applied to system assets.

These checks help you determine where new risks are located in your environment, allowing you to prioritize what needs to be remediated and help minimize risk.


Coverage improvements | content & product


New coverage expands your visibility into assets and threats in your environment:

  • Coverage for insecurely configured X11 services as described in CVE-1999-0526 has been added.
  • The application now supports new CIS (Center for Internet Security) policies that provide compliance coverage for Microsoft SQL Server 2008 R2 and Microsoft SQL Server 2012.

 

Accuracy improvements | content & product


Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

  • The solution and references for the TLS/SSL Server Supports Weak Cipher Algorithms vulnerability have been updated to include the latest information in the Web interface and Audit report.
  • Coverage has been improved for vulnerabilities reported in Microsoft Security Bulletins MS13-091, MS13-054, and MS12-081.
  • An issue that could prevent weak SSLv3 ciphers from being detected when a server does not accept SSLv2 connections has been resolved.

 

Application improvements | product

 

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • Two new filters are available on the Vulnerability page.
    • The new CVE ID filter allows you to search by CVE identifiers. For example, the Shellshock (Bash bug) vulnerabilities CVE-2014-6271 and CVE-2014-7169 are searchable with this new feature.
    • Another filter allows you to isolate vulnerabilities based on vulnerability categories such as Adobe, Telnet, Apple, etc., so you can track vulnerabilities associated with those particular services or products.

                  

Recurring coverage | content

                  

New and updated vulnerability checks help you protect your environment against the latest threats. See all the operating systems and applications covered by these updates.

                



Coming Soon!

 

  • An improved, comprehensive view of your vulnerabilities is coming soon. Nexpose will start to merge the latest vulnerability results over multiple scans in the Web interface and in reports. For example, if you modify your site's scan template to check for a zero-day vulnerability and run a scan, the zero-day vulnerability results will be merged into a consolidated view. You will continue to be able to view the results from a specific scan, such as the most recent one. This improvement may impact your risk scores and the number of vulnerabilities displayed in the Web interface and in reports. We will keep you posted on the ship date and additional details as we get closer to launch!


Product Update IDs

 

  • Linux 64 | Update ID: 3964278593
  • Windows 64 | Update ID: 778820919

 

Content update

 

  • Update ID: 1203719010

 

Installer links, md5sum links, and virtual appliance links

 

Click here for the latest installer links, md5sum links, and virtual appliance links.


FAQ

For details about restarting Nexpose after updating and other update information, see Nexpose release FAQ.


   

 

This Rapid7® Nexpose® 5.10.14 release contains the following improvements:

  • coverage improvements
  • accuracy improvement

Coverage improvements | content & product

New coverage expands your visibility into assets and threats in your environment:

  • The application now supports a new Defense Information Systems Agency (DISA) policy that provides compliance coverage for the Red Hat Enterprise Linux 5 (RHEL 5) operating system.

Accuracy improvements | content & product

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

  • Coverage has been improved for vulnerabilities reported in Microsoft Security Bulletin MS12-049.

                

Recurring coverage | content

                

New and updated vulnerability checks help you protect your environment against the latest threats. See all the operating systems and applications covered by these updates.

              


 

Installer links, md5sum links, and virtual appliance links

Click here for the latest installer links, md5sum links, and virtual appliance links.

FAQ

For details about restarting Nexpose after updating and other update information, see Nexpose release FAQ.

 

Product Update IDs

 

  • Linux 64 | Update ID: 3794895035
  • Windows 64 | Update ID: 2457824746

 

Content update

 

  • Update ID: 1800707269

 


   

This Rapid7® Nexpose® 5.10.13 release contains the following improvements:

  • coverage improvements
  • accuracy improvement
  • scanning improvement
  • application improvements
  • recurring coverage


Coverage improvements | content & product


New coverage expands your visibility into assets and threats in your environment:

  • The application now supports a new Defense Information Systems Agency (DISA) policy that provides compliance coverage for the Red Hat Enterprise Linux 5 (RHEL 5) operating system.
  • Authenticated coverage has been added for the Shellshock-related Bash vulnerabilities CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278.
  • A new informational check has been added to detect X.509 certificates that are signed using algorithms based on SHA-1. Mozilla, Google, and Microsoft plan to deprecate SHA-1 as a trusted hashing algorithm. In the future, its use will be flagged as insecure to users visiting the site.

 

Accuracy improvements | content & product


Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

  • We’ve improved the clean-up process for unauthenticated coverage for the Shellshock Bash bug vulnerability (CVE-2014-6271) for Web application scans.
  • Scans now identify instances of Apache HTTPD with a default index page for all HTTP response codes. A default page can be an indication that the Web site may not be completely configured, which can have security implications.
  • False positives have been corrected for vulnerability content referenced in the Microsoft knowledge base article KB951847.

 

Scanning improvement | product

 

Better scan performance helps you to retrieve scan results more quickly with improved accuracy and more efficient use of resources:

  • When a target that is being scanned goes offline, the Security Console stops the scan of that target and displays its status as Incomplete. These changes improve the use of scanning resources and provide more accurate scan status reporting.

 

Application improvements | product

 

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • The Reporting Data Model includes new information to expand your query options and reporting capabilities:
    • The date that a vulnerability was last modified, for example, in its description or solution, allows you to track changes to vulnerability information.
    • The fingerprinting certainty level for discovered services allows you to track scanning accuracy.
    • Credential success status allows you to track the percentage of assets on which the application successfully authenticated during scans.
  • Enhancements optimize the memory available on 8-GB installations.
  • With the new ability to import and export scans using the API Ruby gem, you can now move scan data across Security Consoles. See a blog about this capability.

        

Recurring coverage | content

        

New and updated vulnerability checks help you protect your environment against the latest threats. See all the operating systems and applications covered by these updates.


Send us your ideas!

 

As part of the all new eSupport portal, this new product enhancement submission feature enables Nexpose customers to log on and submit product suggestions. The new process is a faster, more streamlined approach to submitting requests. It also provides more visibility into the status of submitted enhancement requests, and gives clients the ability to vote and comment on ideas submitted by other Nexpose users.

            

To access the portal and start creating and sharing ideas, visit: https://rapid7support.force.com/customers/ideas/ideaList.apexp. Login information for the new eSupport Portal will arrive today in a separate e-mail. If you do not receive an e-mail, please contact your account manager.


Product Update IDs

  • Linux 64 | Update ID: 1701550149
  • Windows 64 | Update ID: 3028779518

Content update

  • Update ID: 405680843


Installer links, md5sum links, and virtual appliance links

 

Click here for the latest installer links, md5sum links, and virtual appliance links.


FAQ

 

For details about restarting Nexpose after updating and other update information, see Nexpose release FAQ.


   
