Security End of Life (SEoL) Plugin Conversions 2024 Q1...
Security End of Life (SEoL) Plugin Conversions 2024 Q1 Change In accordance with the SEoL framework published in April 2023, we are updating and/or deprecating the legacy “Unsupported <x>” plugins to conform to the new plugin specification. Only the Unsupported plugins listed in the “Deprecated Plugin” table below have been deprecated and replaced with SEoL plugins - all other plugins that detect Unsupported software remain in service. Impact Customers should anticipate the legacy “Unsupported” plugins to be deprecated and/or converted to their corresponding SEoL plugins. This may result in new findings and a more detailed picture of the exposure landscape associated with products in the SEoL state. Customer-created dashboards or reports that use the now-deprecated “Unsupported” plugins should be migrated to use the new SEoL plugins listed below. For additional details please see the SEoL FAQ knowledge base article from June 2023. This FAQ covers questions about SEoL plugin severity ratings, considerations for extended vendor support agreements, and future product coverage. Converted Plugins Deprecated Plugin: 84018, ManageEngine Applications Manager Unsupported Version Detection New Plugin(s): ManageEngine Applications Manager SEoL Plugins Deprecated Plugin: 55851, VMware Fusion Unsupported Version Detection New Plugin(s): VMware Fusion SEoL Plugins Modified Plugin: 93229, Microsoft Visio Viewer Unsupported Version Detection Modified Plugin: 59196, Adobe Flash Player Unsupported Version Detection Modified Plugin: 112152, Microsoft Edge Legacy Browser Unsupported Version Detection Modified Plugin: 76333, F5 Networks ARX Data Manager Unsupported Version Detection Modified Plugin: 92700, Microsoft Visual FoxPro Unsupported Version Detection Modified Plugin: 63683, VMware View Server Unsupported Version Detection Consolidated List of Deprecated Plugins 55851, 84018 Consolidated List of Modified Plugins 59196, 63683, 76333, 92700, 93229, 112152 Target Release Date April 2, 2024 Additional Notes For a complete list of SEoL plugin coverage, please visit https://www.tenable.com/plugins/search?q=%22SEoL%22. Additional coverage requests can be made via Tenable’s Suggestions Portal at https://suggestions.tenable.com.
Security End of Life (SEoL) Plugin Conversions 2023 Q3...
Security End of Life (SEoL) Plugin Conversions 2023 Q3 Change In accordance with the SEoL framework published in late April of this year, we are updating and/or deprecating the legacy “Unsupported <x>” plugins to conform to the new plugin specification. Only the Unsupported plugins listed in the “Deprecated Plugin” table below have been deprecated and replaced with SEoL plugins - all other plugins that detect Unsupported software remain in service. Impact Customers should anticipate the legacy “Unsupported <x>” plugins to be deprecated and/or converted to their corresponding SEoL plugins. This may result in new findings and a more detailed picture of the exposure landscape associated with products in the SEoL state. Customer-created dashboards or reports that use the now-deprecated “Unsupported” plugins should be migrated to use the new SEoL plugins listed below. For additional details please see the SEoL FAQ knowledge base article from June 2023. This FAQ covers questions about SEoL plugin severity ratings, considerations for extended vendor support agreements, future product coverage. Converted Plugins Deprecated Plugin: 78506, Apache Subversion Client Unsupported Version Detection New Plugin(s): Apache Subversion Client SEoL Plugins Deprecated Plugin: 78507, Apache Subversion Server Unsupported Version Detection New Plugin(s): Apache Subversion Server SEoL Plugins Deprecated Plugin:: 109318, Atlassian JIRA Unsupported Version Detection New Plugin(s): Atlassian Jira SEoL Plugins Deprecated Plugin: 151128, VMWare Carbon Black App Control Unsupported Version Detection New Plugin(s): Carbon Black SEoL Plugins Deprecated Plugin: 89684, Drupal Unsupported Version Detection New Plugin(s): Drupal SEoL Plugins Deprecated Plugin: 156032, Apache Log4j Unsupported Version Detection New Plugin(s): Log4J SEoL Plugins Deprecated Plugins: 71458, Nessus Unsupported Version Detection 148832, Nessus Agent Unsupported Version Detection New Plugin(s): Nessus and Nessus Agent SEoL Plugins Deprecated Plugin: 117461, Apache Struts Unsupported Version Detection Apache Struts SEoL Plugins Deprecated Plugin: 78555, OpenSSL Unsupported New Plugin(s): OpenSSL SEoL Plugins List of Deprecated Plugins 78506, 78507, 109318, 151128, 89684, 156032, 71458, 71461, 117461, 78555 Target Release Date September 29, 2023 Additional Notes For a complete list of SEoL plugin coverage, please visit https://www.tenable.com/plugins/search?q=%22SEoL%22. Additional coverage requests can be made via Tenable’s Suggestions Portal at https://suggestions.tenable.com.
Enhanced Apache Tomcat Detection on Unix-based OSes Change...
Enhanced Apache Tomcat Detection on Unix-based OSes Change Nessus plugin 130175 identifies Apache Tomcat on Unix-based platforms. Improvements have been made to this plugin to examine running processes for Apache Tomcat paths for increased coverage and a more accurate and reliable version source. Impact Customers should expect more identifications of Apache Tomcat installs, potentially resulting in additional vulnerability reports. Plugin 130175 - Apache Tomcat Local Detection Target Release Date 29 April 2020 __________________________________ Tenable Research Release Highlights are posted in advance of significant new releases or updates to existing plugins or audit files that are important for early customer notification.TLS/SSL Ciphersuite Name Reporting Improvements Change The...
TLS/SSL Ciphersuite Name Reporting Improvements Change The way TLS/SSL ciphersuites are reported by Tenable products is changing. The changes will add information to the output to help customers match our ciphersuite names to other naming conventions, and expand and correct coverage of available ciphersuites. Currently our reports consist of a line per ciphersuite that looks like column spaced name/value pairs: To improve normalization, the IANA ciphersuite code will be added to each reported cipher. This is the most consistent identifier for ciphersuites across products. It can be used to look up the OpenSSL, IANA, NSA or IETF name of a ciphersuite. Additionally, ciphersuite names will be expanded and corrected. Some ciphersuites such as those with AES-CCM encryption will be given names rather than “N/A”. Other ciphersuite names that lacked bit strength or described a ciphersuite with NULL encryption will be corrected. The new output for the previous report: Impact TLS/SSL ciphersuite reporting occurs in several plugins. If you perform post-processing of plugin output that depends on the formatting of these reports, you may need to adjust that process. In a few rare cases you may see ciphersuites reported as having NULL strength when previously they were categorized as “High Strength”. In other cases, you may see a Tenable ciphersuite name where in previous reports you would see “N/A”. In the legend for a ciphersuite report, ciphersuite names are correctly attributed as “Tenable” names rather than OpenSSL names. Plugins 133306 Microsoft Remote Desktop Gateway Multiple RCE Vulnerabilities 63643 MS13-006: Vulnerability in Microsoft Windows Could Allow Security Feature Bypass 79638 MS14-066: Vulnerability in Schannel Could Allow Remote Code Execution 60016 Vulnerability in TLS Could Allow Information Disclosure 80035 TLS Padding Oracle Information Disclosure Vulnerability 97191 F5 TLS Session Ticket Implementation Remote Memory Disclosure 91572 OpenSSL AES-NI Padding Oracle MitM Information Disclosure 58751 SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability 105415 Return Of Bleichenbacher's Oracle Threat (ROBOT) Information Disclosure 21643 SSL Cipher Suites Supported 77200 OpenSSL 'ChangeCipherSpec' MiTM Vulnerability 31705 SSL Anonymous Cipher Suites Supported Target Release Date 6 April 2020 __________________________________ Tenable Research Release Highlights are posted in advance of significant new releases or updates to existing plugins or audit files that are important for early customer notification.
