• 6.6.21 Product Update 2020-05-13
      New

      • New vulnerability content: We added new checks for the following vulnerabilities affecting Cisco ASA that are part of the larger May 2020 Cisco Event Response Security Advisory Bundled Publication (ERP-73830):
        • CVE-2020-3187
        • CVE-2020-3125
        • CVE-2020-3259
        • CVE-2020-3254
        • CVE-2020-3196
        • CVE-2020-3298
        • CVE-2020-3191
        • CVE-2020-3195
      • Microsoft Patch Tuesday coverage: This release includes updated scan coverage for May 2020.
      • New DISA policy content: We added 2 new Defense Information Systems Agency (DISA) policies that provide coverage for Apache Server 2.4 UNIX Server and Site, respectively.

      Improvements

      • Standalone constraint validation service: The database constraint validation and remediation service that used to be tied exclusively to the backup creation process is now available as a standalone feature. Navigate to Administration > Maintenance, Storage, and Troubleshooting > Maintenance > Validate Constraints in your Security Console to run this service independently.
      • General interface improvements: We implemented several interface changes to improve your Nexpose product experience:
        • The Security Console's top and left menu styles have been updated.
        • The notification center in the upper right corner of the interface has been reworked.
        • We fixed an issue with the left menu that caused the Rapid7 logo to block menu items on screens using lower resolutions.
      • Improved detail page performance: Asset detail pages now load faster.
      • Center for Internet Security (CIS) Policy content: We updated the following existing CIS benchmarks:
        • CIS Microsoft Windows Server 2008 R2 Benchmark v3.2.0
        • CIS Microsoft Windows 7 Workstation Benchmark v3.2.0
      • Improved SSH support: The Scan Engine now supports SSH connections with larger Diffie-Hellman key exchange sizes for credentialed scanning.

      Fixes

      • We fixed an issue in the APIv3 documentation that caused some semantic and structural errors with OpenAPI Specification v2.0.
      • We fixed an issue that caused some CIS database policy rules to evaluate incorrectly.
      • We fixed an issue with our Oracle Java fingerprinting process where Java's installation location on UNIX targets was not properly recorded.
      • We fixed an issue that allowed the product to run specific UNIX-based collection processes on Windows systems during a scan.