CVE-2017-5264

Published: 14/12/2017 | Updated: 31/01/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Versions of Nexpose before 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack.

Vulnerable Product

rapid7 nexpose

Exploits

# Exploit Title: [Cross Site Request Forgery at Nexpose Automated Actions]
# Release Date: [2017-12-13]
# Exploit Author: [Shwetabh Vishnoi]
# Link: www.linkedin.com/in/shwetabhvishnoi
# Vendor Homepage: [www.rapid7.com/]
# Software Link: [www.rapid7.com/products/nexpose/download/]
# Tested on: [Windows,Linux,Mac]
# CVE : [C ...
Rapid7 Nexpose version 6.4.65 suffers from a cross-site request forgery vulnerability ...