AppSpider release announcements for April 2017

Document created by Gary Sabala (Employee) on Apr 12, 2017. Last modified by Gary Sabala (Employee) on Apr 27, 2017.
Version 5

Rapid7 releases coverage updates for AppSpider to help you protect your environment against ever-evolving security threats. This page contains detailed announcements for the most recent AppSpider coverage releases:

 

  • AppSpider Pro Release 6.14.060: April 26, 2017
  • AppSpider Pro Release 6.14.059: April 12, 2017

_____________________________________________________________________________________

AppSpider Pro 6.14.060 Release:

Application enhancements | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • Updated AppSpider SOAP API to add attack module name in configDefault response so it can be displayed correctly.
  • Updated nginx.exe to utilize the Microsoft Security Advisory on remote code execution. On Windows 7, Windows Server 2008 R2, Windows Vista and Windows Server 2008, KB2533623 must be installed on the target platform. Resolves CVE-2017-5236.
  • Resolved a buffer overflow crash on inputs in the AppSpider command line tool. Resolves CVE-2017-5240.
  • Fixed re-login failure due to hidden browser initialization routine failures.

Rapid7 thanks Karn Ganeshen for privately reporting the CVE issues.

 

AppSpider Pro 6.14.059 Release:

Application enhancements | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • Resolved issue of parameter analyzer making requests outside of parameter restriction.
  • Digitally signed all AppSpider binaries in the installation process.
  • Updated AppSpider SOAP API to add attack module name in configDefault response so it can be displayed correctly.
  • Modified the behavior of HTTP headers provided via the Extra Header config property: the values are now locked throughout the whole scan.
  • Fixed issue with missing references to CWE reports within the AppSpider reports.
  • Fixed issue of failed Bootstrap scan showing the wrong status.