VYPR
High severity8.8NVD Advisory· Published Dec 14, 2017· Updated Jun 17, 2026

CVE-2017-5264

CVE-2017-5264

Description

Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Rapid7/Nexpose3 versions
    cpe:2.3:a:rapid7:nexpose:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:rapid7:nexpose:*:*:*:*:*:*:*:*range: <6.4.66
    • (no CPE)range: <6.4.66
    • (no CPE)range: 6.4.65 and prior

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.

CVE-2017-5264 · High · VYPR