First published: Thu Dec 14 2017 (Updated: )
Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack.
Credit: cve@rapid7.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rapid7 Nexpose | < 6.4.66 | Update to 6.4.66 or later |
CVE-2017-5264 affects versions of Nexpose prior to 6.4.66. In those versions the Automated Actions administrative web application does not adequately validate the source of the HTTP requests it receives, which leaves it susceptible to cross-site request forgery (CSRF). The vulnerability carries a severity keyword of 'high' and a severity value of 8.8. To fix CVE-2017-5264, update Nexpose to version 6.4.66 or later.
You can find more information about CVE-2017-5264 at the following references: [SecurityFocus](http://www.securityfocus.com/bid/102208), [Rapid7 Release Notes](https://help.rapid7.com/nexpose/en-us/release-notes/archive/2017/12/#6.4.66), [Exploit-DB](https://www.exploit-db.com/exploits/43911/).
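The flaw class described above is a missing check on where a state-changing request came from. As an added illustration of the defensive side (this is example code written for this page, not Nexpose's own code or Rapid7's fix), the following shows the two controls an administrative web application normally combines: fail-closed validation of the `Origin` header (falling back to `Referer`) against a trusted host list, and a per-session synchronizer token compared in constant time. The trusted hostname and port, and the sample headers, are assumptions constructed for the example.

```python
"""Origin/Referer validation plus synchronizer token for admin endpoints.

Added example for this page; it is not code from Nexpose or Rapid7.
"""
import hmac
import secrets
from typing import Dict, Optional
from urllib.parse import urlsplit

# Hosts (including port) the administrative application is served from.
# Constructed assumption for this example; a real deployment reads this
# from configuration rather than hard-coding it.
TRUSTED_HOSTS = {"nexpose.example.internal:3780"}

# Methods that change state and therefore need source validation.
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def _host_of(url: str) -> Optional[str]:
    """Return the lower-cased host[:port] of an http(s) URL, else None.

    The literal value "null" (sent by sandboxed or opaque origins) and
    anything without a scheme or host parses to None and is rejected.
    """
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    return parts.netloc.lower()


def request_source_is_trusted(method: str, headers: Dict[str, str]) -> bool:
    """Decide whether a request's declared source is one of our own hosts.

    Safe methods (GET, HEAD, OPTIONS) pass unconditionally; they must not
    change state anyway. For state-changing methods the Origin header must
    name a trusted host. If Origin is absent, Referer is consulted. If
    neither is present the request is rejected: fail closed, because a
    cross-site form post can be stripped of both headers by privacy tools
    and the application cannot tell that case from a forgery.
    """
    if method.upper() not in STATE_CHANGING:
        return True
    # HTTP header names are case-insensitive; normalise before lookup.
    lowered = {name.lower(): value for name, value in headers.items()}
    source = lowered.get("origin") or lowered.get("referer")
    if not source:
        return False
    host = _host_of(source)
    return host is not None and host in TRUSTED_HOSTS


def issue_csrf_token() -> str:
    """Generate a fresh, unguessable token to store in the user's session."""
    return secrets.token_urlsafe(32)


def csrf_token_matches(session_token: str, submitted: Optional[str]) -> bool:
    """Constant-time comparison of the submitted token with the session copy."""
    if not session_token or not submitted:
        return False
    return hmac.compare_digest(session_token, submitted)


def admin_request_allowed(method: str, headers: Dict[str, str],
                          session_token: str, submitted: Optional[str]) -> bool:
    """Both controls must pass for a state-changing administrative request."""
    if method.upper() not in STATE_CHANGING:
        return True
    return (request_source_is_trusted(method, headers)
            and csrf_token_matches(session_token, submitted))


if __name__ == "__main__":
    token = issue_csrf_token()
    # Constructed sample requests: one same-site, one cross-site forgery.
    same_site = {"Origin": "https://nexpose.example.internal:3780"}
    cross_site = {"Origin": "https://attacker.example"}
    print("same-site POST with token:", admin_request_allowed("POST", same_site, token, token))
    print("cross-site POST with token:", admin_request_allowed("POST", cross_site, token, token))
    print("same-site POST, no token:", admin_request_allowed("POST", same_site, token, None))
```

The order matters little for correctness, but checking the source header first rejects the bulk of forged requests before any session lookup is needed; the token check then covers clients that legitimately send no `Origin` or `Referer` but do carry the form field.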