Required CVE Record Information
Description
Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack.
References 3 Total
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 3 Total
- https://help.rapid7.com/nexpose/en-us/release-notes/archive/2017/12/#6.4.66 x_transferred
- exploit-db.com: 43911 exploitx_transferred
- securityfocus.com: 102208 vdb-entryx_transferred