I'm fairly new to AppSpider so I assume I'm missing something obvious, but I've been looking through the various guides on your website and don't see my answer. How do I suppress a false positive in a scan? I would prefer to do it locally for a particular scan on a particular page, but the only place I've found in the app that looks like it might suppress findings is under Tools | Global Finding Repository. I'm guessing that checking the right-most "ignore" column would suppress the finding for all scans. Correct? Is that the only way to suppress it? Also, the particular finding I want to suppress is called "Hard-Coded Password." That shows up in the Global Findings three separate times, and for each one the URL field is blank. What is the difference between them? Is one of them perhaps from the particular scan where I want to suppress the finding? Thanks for the help.
Posted by Brian about a year ago
We have a few 2012R2 hosts getting hit for Microsoft CVE-2017-8529 with the proof stating they have "KB4022720 installed". The fix listed in Nexpose is to uninstall this patch. However, when I check the box it does not show this patch or any of the other possible June 2017 patches that were known to cause any issues. The registry keys have been set for this host, the patch KB4036586 has been applied and the host has been rebooted. Would there be any other reason this host is being flagged?
Posted by Robert DeBellis about a year ago
What is the best way to deal with devices such as routers that have multiple interfaces? Is the scanning software able to detect with credentials all of the IP addresses in use and collate them, or is it best to put an exception in place?
Posted by Mike about a year ago
As a security person, the InsightVM picked up these two vulnerabilities as an example:

Obsolete Version of PHP
PHP versions prior to 5.6 are no longer supported. General support for PHP 5.5.37 has been discontinued since July 10, 2016. It is strongly recommended to upgrade to PHP 5.6 or later.

and

PHP CGI Argument Injection
https://www.rapid7.com/db/vulnerabil...p-php-obsolete

The response I have back is that the version of Apache and PHP is fully supported. Can someone reconcile those two statements? Just want to have a sanity check before I approve the exception.

Here is the explanation: https://access.redhat.com/solutions/445713

What version of httpd is supported on RHEL?
Is the community version of Apache httpd supported?
Which versions of Apache httpd are supported?
How can I install Apache 2.4/2.5?
Is Apache httpd 2.4/2.5 supported?
Does Redhat support self compiled apache installations?
What are supported install methods for apache 2.4 (e.g. rpm and yum only etc.)?
Support for apache installation.
We need to update the httpd version from 2.4.9 to 2.4.12. We are unable to find the same on portal. Please provide Apache executable file for this.
Which is the latest version of httpd (Apache) server available from RHEL.
Apache HTTPD Upgrade
I am aware that the Apache HTTPD version supplied for RHEL7.1 is version 2.4.6. Will Redhat upgrade this to 2.5 in future for RHEL7? I also have RHEL6.6 OS. Will there be plans to upgrade the Apache Httpd package in future?
Apache Prior to 2.4.4 and 2.2.24 Multiple Vulnerabilities
Apache HTTP Server Prior to 2.2.25 Multiple Vulnerabilities
httpd vulnerability on port 443
We patched httpd packages to latest (available on RHEL6 repository) to solve below vulnerabilities, but seems there is still vulnerability that Qualys is reporting
What is the latest version of httpd supported on RHEL? It looks like the latest is 2.2.3 but this is quite old.
Does RHEL 7 supports Apache version 2.2.31? Else which Apache Version does RHEL 7 supports?
Which versions of Apache are available for my version of Red Hat Enterprise Linux?
It is necessary to install a specific version of Apache, does the installed version of Red Hat Enterprise Linux supports it?
We need to know which is latest Apache (httpd) version that Redhat support?
Does Apache/2.2.31 (Unix) supported in RHEL6 or RHEL7?
Upstream is discussing EOL dates for PHP 5.3. https://wiki.php.net/rfc/php53eol Can you verify that RHEL6 will support PHP 5.3.x for the entire lifespan of RHEL6? Or is it possible that PHP 5.3.x will also become EOL for RHEL6?
Please suggest how and where I can get the PHP 5.3.25 or above to install using Yum in RHEL6?

Resolution

At the time of this writing, we have following default versions of php packages available for RHEL5, RHEL6 and RHEL7

RHEL5 :- php-5.1 (latest RHEL provides php-5.3 in php53 package)
RHEL6 :- php-5.3
RHEL7 :- php-5.4

The major version for php will remain as above for its whole life cycle. Please check below paragraph on how are RHEL packages managed.

Red Hat Software Collections provides support for php-5.4, php-5.5, php-5.6, and php-7.0 for RHEL6 as well RHEL7 (as Software Collections follows a different naming convention, these packages are named as php54, php55, rh-php56, rh-php70 respectively). Please visit How to use Red Hat Software Collections for more information.

Red Hat Enterprise Linux is a maintained collection of many different components, which are drawn from the wider open source software community. At the time our product is released we have a particular version of each of the software components, selected for features and stability. During the life cycle of our product we backport any relevant bug fixes and security enhancements created by the upstream maintainers to the packages that we maintain, as well as contributing any fixes that we do. We have our own version numbering scheme for the packages that we create based on these backported changes.

We do not change the version of any of the software components based on the release of a new version by an upstream project. For example, if PHP releases a new version of PHP, we will not update our package to that new version. This is in order to maintain compatibility and stability. We will backport any bug fixes or security errata that are relevant to the version of PHP that is part of Red Hat Enterprise Linux.

For more information about Red Hat's policy on the backporting of security updates, visit the following: What is Red Hat's security patch and backport policy
Posted by Al Wilson about a year ago
Hello Community, Firstly, I am sorry if I am opening a thread on a restricted subject, and unintentionally violating forum policy. The issue I am facing is while setting up Hackazon on my Ubuntu server. After installing all the required repos, I am trying to access the http://localhost/install wizard in the browser, however it throws the following error:

Fatal error: Call to undefined function bcpow() in /var/www/hackazon/vendor/gwtphp/gwtphp/src/util/TypeConversionUtil.class.php on line 207

Could you please help me resolve the issue? Thank you
Posted by Darshan Doshi about a year ago
Trying to make available a list of Assets with all exceptions approved for that asset. The way the data is stored makes doing this impossible with Global / Site / Asset Group / etc. Is there any way to get a query to export AssetID, ip_address, exception number, so that I can export for automation?
Posted by Gerry Dalton about a year ago
When attempting to deploy the Honeypot OVF in vSphere 6.5, I'm getting the following error; "The provided manifest file is invalid: Invalid OVF manifest entry" as I'm attempting to select a host/cluster and move forward with the install... Any thoughts?
Posted by Ken Kurz about a year ago
Do I have the ability to manually add trusted IP addresses to our instance of Rapid7 to reduce the number of false alerts that we receive? We have employees working on client sites and once we have established that a set of IP addresses are trusted we'd like to add them so that no more are flagged. Currently it seems to flag them for each member of staff that visits the same site. One of the reasons they are flagged is because the IP address in the UK is a US IP address - the ISP is routing traffic through the US and therefore 'Multiple Countries' is being flagged.
Posted by Colin Morris about a year ago
I'm trying to run what I thought would be a fairly simple report. I just need basic top 10 highest risk info, but I also need to add a couple of columns with constant string values. The query validates as correct, but failed to preview or run. Is this type of thing not supported by Nexpose reporting, or am I missing something? This is my first experience with PostgreSQL, but I feel like I've thoroughly googled and read the Nexpose docs and found nothing. Any ideas? Thanks

Here's the query. PARENT_ID and TYPE are the columns in question:

    select da.host_name as SUMMARY,
           'IP - ' || da.ip_address || ' MAC - ' || dam.mac_address || ' Risk Score - ' || CAST(fa.riskscore as text) as DESCRIPTION,
           'DGP-161' as PARENT_ID,
           'Sub-task' as TYPE
    from fact_asset fa
    JOIN dim_asset da USING (asset_id)
    JOIN dim_asset_mac_address dam USING (asset_id)
    order by fa.riskscore desc
    limit 10
Posted by Mike Conroy about a year ago
In order for Rapid7 to get the data from Salesforce that it needs to function, what minimum permissions and privileges are required (i.e. read on which objects, fields, etc.)? Due to security compliance concerns, I'm hesitant to provide "View All" privileges if it's not required.
Posted by Nick Dempsey about a year ago
Hi, I have to reinstall my Virtual Machine. When I try to use my key to activate it, I receive an error: "Activation failed: Cannot activate at this time". I checked my Internet connection and browser and everything is fine. I do not know if the key was tied to the virtual machine before. I appreciate your help. Sandra
Posted by Sandra Suarez about a year ago
Hello, I have a situation where I have exploited a buffer overflow and have gained a meterpreter connection to the victim. Now I am trying to escalate privileges. I am using the bypass uac exploit but it gets caught by the antivirus. My question is: can I encode the bypass uac exploit to send through the meterpreter session?
Posted by Jon Pel about a year ago
Nexpose tells me that many servers have PHP vulnerabilities related to an out-of-date version of PHP. According to our sysadmins, PHP is being updated by RedHat packages and not individually. Is there a way to tell Nexpose to check the OS version instead of PHP version alone? Thanks! Joe
Posted by Joe Toug about a year ago
I've been using the Community edition for two years now, and just starting last week, all of the scans against regular workstations show risk = 0, servers still show Risk values greater than 3-400 hundred like before, and the total number of Vulnerabilities has dropped to 10. As much as I'd love to believe a Windows Update or similar has suddenly eliminated all my vulnerabilities, I highly doubt it. What happened? This problem does coincide with a reinstall per support instructions because of a Java error. Is this related too?
Posted by Dan Guzman about a year ago
We are seeing an increase in false positives due to backporting of patches on Redhat when conducting a DMZ scan. How is Nexpose handling these potential false positives and backporting? The scanner log shows it is detecting Red Hat "[http_header.server] Matching against banner: Apache/2.4.6 (Red Hat Enterprise Linux)" but has no mention of the possible backport of patches. The fingerprint of the OS comes out like this:

Linux General Linux HTTPS 0.75
Linux General Linux HTTP 0.75
Linux Linux General Linux 2.6.32 IP stack analysis 0.64
Linux Linux General Linux 3.12 IP stack analysis 0.63
Linux Linux General Linux 2.6.39 IP stack analysis 0.62
Linux Linux General Linux 2.6.9 IP stack analysis 0.6
Linux Linux General Linux 2.6.35 IP stack analysis 0.6
Linux Linux General Linux 2.6.18 IP stack analysis 0.6

Does anyone have experience with this? I can confirm through a third party audit from a different vendor the same host was detected as a possible backport of patches and therefore, potential false positives were excluded with a more correct fingerprint of "Linux Kernel 3.10 on Red Hat Enterprise Linux 7"
Posted by Bob about a year ago
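
The Red Hat excerpt quoted in Al Wilson's post and the backport false positives raised by Joe Toug and Bob come down to the same check: whether the vendor package changelog records a fix for the CVE the scanner reported against the upstream version number. This is an added example, not code from any post, from Rapid7 or from Red Hat; the changelog text and CVE IDs are constructed placeholders, and `backport_status` is a hypothetical helper name.

```shell
#!/usr/bin/env bash
# Map scanner-reported CVEs to the RPM changelog entry that backported the fix.
# On a real RHEL host the input would come from:  rpm -q --changelog php
# The changelog below is CONSTRUCTED sample data with placeholder CVE IDs.

sample_changelog() {
cat <<'EOF'
* Tue Mar 14 2017 Packager Name <packager@example.com> - 5.4.16-43
- fix buffer over-read in unserialize CVE-0000-0003

* Mon Aug 08 2016 Packager Name <packager@example.com> - 5.4.16-42
- fix proxy header handling CVE-0000-0002
- fix integer overflow in gd CVE-0000-0001
EOF
}

# backport_status CVE...   (changelog text on stdin)
# Prints one line per requested CVE, in argument order:
#   "<cve> fixed-in <version-release>"  earliest package build listing the fix
#   "<cve> not-in-changelog"            no evidence; review before any exception
backport_status() {
  awk -v want="$*" '
    BEGIN { n = split(want, ids, " ") }
    # Entry header: assumed to end in the package version-release.
    /^\* / { rel = $NF; next }
    {
      for (i = 1; i <= n; i++) {
        # Match the whole ID only, so CVE-0000-0001 does not hit CVE-0000-00011.
        if ($0 ~ ("(^|[^0-9A-Za-z-])" ids[i] "([^0-9]|$)")) {
          # Changelog is newest-first, so the last hit is the earliest fix.
          fixed[ids[i]] = rel
        }
      }
    }
    END {
      for (i = 1; i <= n; i++) {
        if (ids[i] in fixed) { print ids[i], "fixed-in", fixed[ids[i]] }
        else                 { print ids[i], "not-in-changelog" }
      }
    }
  '
}

# Demo on the constructed data: two CVEs are backported, one has no entry.
sample_changelog | backport_status CVE-0000-0001 CVE-0000-0003 CVE-0000-0009
```

A "fixed-in" result is only meaningful if the installed build (`rpm -q php`) is at or above the release shown; "not-in-changelog" means the finding should be treated as real until the vendor advisory says otherwise.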