CVE-2017-5264

Summary

Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack.

Affected Software

VendorProductVersion RangeStatus
Rapid7Nexpose6.4.65 and prioraffected

Weaknesses

  • CWE-352: CWE-352 (Cross-Site Request Forgery (CSRF))

ADP Enrichment

CVE Program Container

Additional References

References