CVE-2012-6493

Sažetak

Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete.

Reference

http://archives.neohapsis.com/archives/bugtraq/2013-01/0014.html
http://osvdb.org/88923
http://packetstormsecurity.com/files/119260/Nexpose-Security-Console-Cross-Site-Request-Forgery.html
http://www.exploit-db.com/exploits/23924
https://community.rapid7.com/docs/DOC-2155#release1

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

24-02-2014 - 22:17

Objavljeno

04-02-2014 - 22:55