Back in December 2015, Nexpose added two new potential vulnerability checks: "Remote code execution vulnerability due to unsafe deserialization in Oracle WebLogic Server" (CVE-2015-4852) and "JBoss InvokerTransformer code execution during deserialisation" (CVE-2015-7501). You can read all about it here. With this week's update, if you scan using credentials, you will now benefit from enhanced vulnerability detection for:

  • CVE-2015-7501 (All JBoss AS and EAP versions)
  • CVE-2015-4852 (Oracle WebLogic 10.3.6.0, 12.1.2.0, 12.1.3.0, 12.2.1.0)

...on Unix-based systems.

Given that JBoss and WebLogic are typically installed separately from the OS package management utilities, Nexpose will look for instances of these applications in the common /opt and /usr directories. Should you have these applications installed elsewhere, there is an option to tell Nexpose which directories to look in. There are three options available to you, all configurable by running a console command. To do this, go to the Administration tab and select the 'Run' link under the 'Maintenance, Storage and Troubleshooting' section.

Override the global search paths for all scans on Unix systems:

set custom property com.rapid7.nexpose.plugin.unixfilebasedfingerprinter.searchpath='/opt /usr /home/user'

Set an application specific search path for JBoss or WebLogic:

set custom property com.rapid7.nexpose.plugin.unixfilebasedfingerprinter.searchpath.jboss='/home/user' 
set custom property com.rapid7.nexpose.plugin.unixfilebasedfingerprinter.searchpath.weblogic='/home/user'  

These properties can be set whilst Nexpose is running, as described above. However, to persist these changes between restarts, it is necessary to store these values in the CustomEnvironment.properties file that resides in:

  • [INSTALLATION_PATH]/nsc (Nexpose console)
  • [INSTALLATION_PATH]/nse (Nexpose engine)
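
To work out which directories to put in the application-specific properties above, the following added example (not Rapid7 code) can be run on a scan target: it searches the roots you give it and prints the matching console command. The marker file names (jboss-modules.jar, weblogic.jar), the function names and the script name are assumptions of this sketch, not Nexpose's fingerprinting logic, so adjust them for the releases you run.

```shell
#!/bin/sh
# Added example. Marker file names are assumptions of this sketch,
# not Nexpose's own fingerprinting logic.
PROP=com.rapid7.nexpose.plugin.unixfilebasedfingerprinter.searchpath

# marker_for APP: file name treated as evidence of an install (assumed).
marker_for() {
    case $1 in
        jboss)    echo jboss-modules.jar ;;
        weblogic) echo weblogic.jar ;;
        *)        return 1 ;;
    esac
}

# install_dirs APP ROOT...: for every marker found below a ROOT, print the
# first-level directory under that ROOT (or ROOT itself), deduplicated.
install_dirs() {
    app=$1; shift
    marker=$(marker_for "$app") || return 1
    for root in "$@"; do
        root=${root%/}
        [ -d "$root" ] || continue
        find "$root" -type f -name "$marker" 2>/dev/null |
        while IFS= read -r hit; do
            rel=${hit#"$root"/}
            case $rel in
                */*) echo "$root/${rel%%/*}" ;;
                *)   echo "$root" ;;
            esac
        done
    done | sort -u
}

# property_command APP ROOT...: print the console command for APP.
# The value is space-separated, so paths containing whitespace are skipped.
property_command() {
    app=$1
    dirs=$(install_dirs "$@" | grep -v '[[:space:]]' | tr '\n' ' ')
    dirs=${dirs% }
    [ -n "$dirs" ] || return 1
    echo "set custom property $PROP.$app='$dirs'"
}

# Usage (hypothetical script name): sh find_paths.sh weblogic /home /srv
[ $# -lt 2 ] || property_command "$@"
```

The function returns non-zero when nothing is found, in which case the default /opt and /usr search paths need no override for that application.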