CVE-2012-6493
Published Feb 4, 2014
Last updated 11 years ago
Overview
- Description
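- Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete. As with any CSRF issue, the forged request is sent by the browser of a user who already has an authenticated console session, so it runs with that user's permissions. The affected range stated here (before 5.5.4) matches the configuration data below, which lists versions up to and including 5.5.3 as vulnerable.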
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-352
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:rapid7:nexpose:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7092419-CD5C-4D96-B3F0-18724CE62216", "versionEndIncluding": "5.5.3" }, { "criteria": "cpe:2.3:a:rapid7:nexpose:5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E99F219-046F-4272-9390-FEDD119D4480" }, { "criteria": "cpe:2.3:a:rapid7:nexpose:5.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D00215B-C6FB-44E8-8FBB-56A13AC70009" }, { "criteria": "cpe:2.3:a:rapid7:nexpose:5.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "129A50F9-509C-42D5-A185-8AA88D468CA8" }, { "criteria": "cpe:2.3:a:rapid7:nexpose:5.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE07CAC2-F931-4CFE-9883-A2C48FE73958" }, { "criteria": "cpe:2.3:a:rapid7:nexpose:5.4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E174D181-143F-4F63-9A5C-7A477CA5AD00" }, { "criteria": "cpe:2.3:a:rapid7:nexpose:5.4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31CD346D-D2F6-4EB1-B1B8-3A435678D5D1" }, { "criteria": "cpe:2.3:a:rapid7:nexpose:5.4.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A36059AE-A763-4C01-863C-348FC77CE582" }, { "criteria": "cpe:2.3:a:rapid7:nexpose:5.4.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28F06A18-7C2C-4789-82AE-96C3A741962F" }, { "criteria": "cpe:2.3:a:rapid7:nexpose:5.4.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0DA6563-3C35-4739-A443-14F7DE3B76A2" }, { "criteria": "cpe:2.3:a:rapid7:nexpose:5.4.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C91691B-FDC9-4B98-AACC-17723FCDD3C7" }, { "criteria": "cpe:2.3:a:rapid7:nexpose:5.4.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DDF8104-9494-4995-8F4F-8B5140868A81" }, { "criteria": "cpe:2.3:a:rapid7:nexpose:5.4.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "844792DE-6A21-41B0-97AD-72CFB1821386" }, { "criteria": "cpe:2.3:a:rapid7:nexpose:5.4.12:*:*:*:*:*:*:*", 
"vulnerable": true, "matchCriteriaId": "256309DB-D90C-4C37-B241-665F25FB47B8" }, { "criteria": "cpe:2.3:a:rapid7:nexpose:5.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "733076EC-78D0-4C5D-AA11-6CAABF980755" } ], "operator": "OR" } ] } ]