CVE-2012-6493

Published: Feb 4, 2014Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete.

Affected (15)

Products: Rapid7: Nexpose

1 product

Configuration A

15 vulnerable

Vulnerable Software	Affected Versions
Rapid7 Nexpose	Up to 5.5.3
Rapid7 Nexpose	Version 5.4.10
Rapid7 Nexpose	Version 5.4.11
Rapid7 Nexpose	Version 5.4.12
Rapid7 Nexpose	Version 5.4.1
Rapid7 Nexpose	Version 5.4.2
Rapid7 Nexpose	Version 5.4.3
Rapid7 Nexpose	Version 5.4.4
Rapid7 Nexpose	Version 5.4.5
Rapid7 Nexpose	Version 5.4.6
Rapid7 Nexpose	Version 5.4.7
Rapid7 Nexpose	Version 5.4.8
Rapid7 Nexpose	Version 5.4.9
Rapid7 Nexpose	Version 5.4
Rapid7 Nexpose	Version 5.5.1

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (10)

http://archives.neohapsis.com/archives/bugtraq/2013-01/0014.html

Source: cve@mitre.org

Exploit

http://osvdb.org/88923

Source: cve@mitre.org

http://packetstormsecurity.com/files/119260/Nexpose-Security-Console-Cross-Site-Request-Forgery.html

Source: cve@mitre.org

Exploit

http://www.exploit-db.com/exploits/23924

Source: cve@mitre.org

Exploit

https://community.rapid7.com/docs/DOC-2155#release1

Source: cve@mitre.org

PatchVendor Advisory

http://archives.neohapsis.com/archives/bugtraq/2013-01/0014.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://osvdb.org/88923

Source: af854a3a-2127-422b-91ae-364da2661108

http://packetstormsecurity.com/files/119260/Nexpose-Security-Console-Cross-Site-Request-Forgery.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.exploit-db.com/exploits/23924

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://community.rapid7.com/docs/DOC-2155#release1

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.