PostgreSQL?

PostgreSQL is a popular open source relational database which is used in many web sites and products, including the most awesome product in the whole wide world. Rapid7's Nexpose coverage team is proud to present full coverage for PostgreSQL in Nexpose 5.5.13. This update adds coverage for 19 PostgreSQL vulnerabilities from between 2009 and 2013.

Also, PostgreSQL's logo is an elephant: How awesome is that?

Awesome! What do I have to do to use this coverage?


To use this coverage, you must include the "PostgreSQL" category in your scan template and provide credentials for a PostgreSQL user with permissions to connect to your database remotely:

Are there any caveats I should know about?


Our PostgreSQL coverage is based on the official distribution of PostgreSQL distributed by the PostgreSQL Global Development Group, which includes apt and yum repos for major Linux distributions, in addition to pre-built packages for other major platforms.

If you are using a version of PostgreSQL repackaged by a supported Linux distribution, such as Debian or Red Hat Enterprise Linux, we provide checks based on the package versions published in the vendor's security updates, which will be more accurate. You do not need to use the PostgreSQL category or provide PostgreSQL credentials, but must provide login credentials to the host and select the relevant vendor's category.