PT-2017-16418 · Rapid7 · Metasploit
Mohamed A. Baset +1
Published 2017-06-15 · Updated 2019-10-09
CVE-2017-5244
CVSS v2.0: 3.5 (Low)
| Vector | AV:N/AC:M/Au:S/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Metasploit versions prior to 4.14.0 (Update 2017061301)
Description
A security issue allowed GET requests to stop running tasks, an action that should only be allowed via POST requests because it changes the service state. This could have enabled an attacker to stop running tasks by tricking an authenticated user into executing JavaScript.
Recommendations
For versions prior to 4.14.0 (Update 2017061301), update to Metasploit 4.14.0 (Update 2017061301) to ensure that only POST requests, which include a secret token to prevent CSRF attacks, are allowed to stop tasks.
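To make the description and the recommendation concrete, here is an added example (not Metasploit's own code) of a minimal "stop task" handler written both ways: the vulnerable pattern that changes state on any HTTP method, and the hardened pattern that accepts only POST carrying a per-session secret token. Request and session shapes, the `authenticity_token` parameter name and the task store are assumptions for the example.

```ruby
require 'securerandom'

# Constructed in-memory task store; a request is a plain hash with
# :method, :task_id and :params (assumed shape, not a real framework API).
def new_tasks
  { 'task-1' => :running }
end

# Each logged-in session gets its own random secret token.
def new_session
  { csrf_token: SecureRandom.hex(32) }
end

# Constant-time comparison so token checks do not leak timing information.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Vulnerable pattern (the CVE-2017-5244 class of bug): the method is never
# checked, so a cross-site GET issued by an authenticated browser stops the task.
def stop_task_vulnerable(request, tasks)
  return [404, 'no such task'] unless tasks.key?(request[:task_id])
  tasks[request[:task_id]] = :stopped
  [200, 'stopped']
end

# Hardened pattern: state change only on POST, and only when the request
# carries the session's secret token. Every check fails closed.
def stop_task_hardened(request, session, tasks)
  return [405, 'method not allowed'] unless request[:method] == 'POST'
  given = request[:params].fetch('authenticity_token', '').to_s
  expected = session[:csrf_token].to_s
  return [403, 'invalid CSRF token'] if expected.empty? || !secure_equal?(given, expected)
  return [404, 'no such task'] unless tasks.key?(request[:task_id])
  tasks[request[:task_id]] = :stopped
  [200, 'stopped']
end
```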
Exploit
Fix
CSRF
Weakness Enumeration
Related identifiers
Affected products
Metasploit