Last updated at Sat, 19 Aug 2017 17:36:08 GMT

With the release of Nexpose 5.8.0 on 12/04/2013, a bug was introduced that would hinder Nexpose's ability to update any further in some uncommon network conditions.  You can rest assured that we have updated our processes to prevent situations like this from happening again, and the bug has been fixed in subsequent releases, however assurances alone won't help you if you can't actually update.  Fortunately, we have a solution.  Nexpose installers support the concept of a repair installation, which will upgrade your existing installation to the latest release.

How can I tell if I am having this problem?

Chances are that you are not affected by this.  If you were affected by this, you may have already worked with support and fixed the problem. To see if you were and still are affected by this, you have several options:

Check the Nexpose version displayed in the UI

Navigate to https://console:3780/admin/global/nsc.html and inspect the following:

  1. The 'Version' field.  If it says 5.8.0, you are likely affected.
  2. The 'Last content update' field.  If the date is not more recent than 12/04/2013, you are likely affected.
  3. The 'Last product update' field.  If the date is not more recent than 12/04/2013, you are likely affected.

An affected Nexpose installation would look something like:

Check the Nexpose version displayed on the console

If you are able to interact directly with the running Nexpose instance, for example in the recommended screen configuration, you can run the 'ver console' command.  Inspect the 'Console Version', 'Console Last Content Update ID' and 'Console Last Product Update ID' identically to what was described before.  An affected Nexpose installation would look something like:

> ver console  
2014-01-03T11:08:46 [INFO] > ver console  
2014-01-03T11:08:46 [INFO] VERSION INFORMATION  
Console Product Name:           NeXpose  
Console Version:                5.8.0                      <----------------- Incorrect, old version  
Console DN:                     CN=NeXpose Security Console, O=rapid7  
Console Platform:               Linux64  
Console Serial No:              abc123  
Console Last Content Update ID: 4253160994 (2013-12-03)    <----------------- Incorrect, old date  
Console Last Product Update ID: 1601209351 (2013-12-03)    <----------------- Incorrect, old date  
Console Software Revision:      e08ab15dadee_334  
Console Product ID:             299067162755562  
Console Version ID:             490  
Console VM version:             Java HotSpot(TM) 64-Bit Server VM 24.0-b56 (Linux amd64)

How can I fix this?

As a Rapid7 customer, you can call support to work through this issue. You can also remedy the situation using the following steps:

  1. Download the latest installer for your operating system from InsightVM and Nexpose installers, md5sum files, and Virtual Appliances onto the affected console(s) and/or engine(s).
  2. Stop your Nexpose instance.
  3. Run the installer.  When it starts, it should detect your existing installation and prompt you with the following:
  4. If it does not say this and you believe you were affected, stop and please contact Rapid7 support.  If it does say this and you believe you were affected and are opting to fix this yourself, continue to the next step.
  5. Follow the prompts as you would for a normal install and complete the process.
  6. Start Nexpose and wait for it to completely start.
  7. Check your versions as instructed at the beginning of this post.  If Nexpose updated at startup, you will find that you are no longer affected and can stop here.
  8. If Nexpose did not update during startup, you will need to update manually.  Navigate to https://console:3780/admin/global/nsc.html and click the 'Manual update' button.  Once updated, repeat step 6. If this fails, contact support.

How can I confirm that I am no longer affected by this?

Simple.  Redo the steps listed at the beginning of this post.

A sample, now-fixed console would display something like the following in the UI:

A sample, now-fixed console would display something similar to the following on the console:

> ver console  
2014-01-03T12:13:59 [INFO] > ver console  
2014-01-03T12:13:59 [INFO] VERSION INFORMATION  
Console Product Name:           NeXpose  
Console Version:                5.8.3                      <----------------- Correct, newer version  
Console DN:                     CN=NeXpose Security Console, O=rapid7  
Console Platform:               Linux64  
Console Serial No:              abc123  
Console Last Content Update ID: 1873823056 (2013-12-31)    <----------------- Correct, more recent date  
Console Last Product Update ID: 1654203768 (2013-12-31)    <----------------- Correct, more recent date  
Console Software Revision:      0e93fd14afb2_359  
Console Product ID:             299067162755562  
Console Version ID:             490  
Console VM version:             Java HotSpot(TM) 64-Bit Server VM 24.0-b56 (Linux amd64)

Hopefully you were unaffected by this, but if you were, hopefully this post and/or support was able to remedy the problem.  As usual, please reach out here or through support with any questions or concerns.