← back
CVE-2017-5264

CVE-2017-5264

EPSS 2.7%CWE-352
Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack.
Affected products
Rapid7 · Nexpose
public PoCs found2
cve_referencewww.exploit-db.com/exploits/43911/unverifiedexploitdbwww.exploit-db.com/exploits/43911unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://help.rapid7.com/nexpose/en-us/release-notes/archive/2017/12/#6.4.66https://www.exploit-db.com/exploits/43911/http://www.securityfocus.com/bid/102208