← Volver a CVEs

CVE-2012-6493

N/A

Descripcion

Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete.

Detalles CVE

Puntuacion CVSS v3.1N/A

Publicado2/4/2014

Ultima modificacion4/29/2026

Fuentenvd

Avistamientos honeypot0

Productos afectados

rapid7:nexpose

Debilidades (CWE)

CWE-352

Referencias

http://archives.neohapsis.com/archives/bugtraq/2013-01/0014.html(cve@mitre.org)

http://osvdb.org/88923(cve@mitre.org)

http://packetstormsecurity.com/files/119260/Nexpose-Security-Console-Cross-Site-Request-Forgery.html(cve@mitre.org)

http://www.exploit-db.com/exploits/23924(cve@mitre.org)

https://community.rapid7.com/docs/DOC-2155#release1(cve@mitre.org)

http://archives.neohapsis.com/archives/bugtraq/2013-01/0014.html(af854a3a-2127-422b-91ae-364da2661108)

http://osvdb.org/88923(af854a3a-2127-422b-91ae-364da2661108)

http://packetstormsecurity.com/files/119260/Nexpose-Security-Console-Cross-Site-Request-Forgery.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.exploit-db.com/exploits/23924(af854a3a-2127-422b-91ae-364da2661108)

https://community.rapid7.com/docs/DOC-2155#release1(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.