6.8

CVE-2012-6493

Exploit
Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Rapid7Nexpose Version <= 5.5.3
Rapid7Nexpose Version5.4
Rapid7Nexpose Version5.4.1
Rapid7Nexpose Version5.4.2
Rapid7Nexpose Version5.4.3
Rapid7Nexpose Version5.4.4
Rapid7Nexpose Version5.4.5
Rapid7Nexpose Version5.4.6
Rapid7Nexpose Version5.4.7
Rapid7Nexpose Version5.4.8
Rapid7Nexpose Version5.4.9
Rapid7Nexpose Version5.4.10
Rapid7Nexpose Version5.4.11
Rapid7Nexpose Version5.4.12
Rapid7Nexpose Version5.5.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.31% 0.811
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://archives.neohapsis.com/archives/bugtraq/2013-01/0014.html
Exploit
http://osvdb.org/88923
http://packetstormsecurity.com/files/119260/Nexpose-Security-Console-Cross-Site-Request-Forgery.html
Exploit
http://www.exploit-db.com/exploits/23924
Exploit
https://community.rapid7.com/docs/DOC-2155#release1
Patch
Vendor Advisory