Published: 02/03/2017 Updated: 15/08/2017

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

The Java keystore in all versions and editions of Rapid7 Nexpose before 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. The keystore provides storage for saved scan credentials in an otherwise secure location on disk.

Vulnerable Product	Search on Vulmon	Subscribe to Product
rapid7 nexpose

Command line tool to interact with Quay Clair

claircli claircli is a command line tool to interact with Quay Clair, which has following functionalities: analyze docker images in local host analyze docker images in remote host analyze docker images in secure/insecure registry support threshold/whitelist for vulnerabilities support fat manifests report to HTML/JSON, the html report is based on template Installation python3

CWE-798 https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products http://www.securityfocus.com/bid/96956 https://help.rapid7.com/nexpose/en-us/release-notes/#6.4.50 https://nvd.nist.gov https://github.com/joelee2012/claircli

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-5230

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect