CVE-2017-5264
N/A
N/A
Summary
Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Rapid7 | Nexpose | 6.4.65 and prior | affected |
Weaknesses
- CWE-352: CWE-352 (Cross-Site Request Forgery (CSRF))
ADP Enrichment
CVE Program Container
Additional References
- https://help.rapid7.com/nexpose/en-us/release-notes/archive/2017/12/#6.4.66
- https://www.exploit-db.com/exploits/43911/
- http://www.securityfocus.com/bid/102208
References
- https://help.rapid7.com/nexpose/en-us/release-notes/archive/2017/12/#6.4.66
- https://www.exploit-db.com/exploits/43911/
- http://www.securityfocus.com/bid/102208
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.