CVE-2017-5244

LOW Year: 2017
CVSS v3 Score
3.5
Low
CVSS v2 Score
3.5
Low
Weakness Type
CWE-352
View all →

Vulnerability Description

Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an attacker to stop currently-running Metasploit tasks by getting an authenticated user to execute JavaScript. As of Metasploit 4.14.0 (Update 2017061301), the routes for stopping tasks only allow POST requests, which validate the presence of a secret token to prevent CSRF attacks.

Related Vulnerabilities

CVE-2016-2998

LOW
CVSS:3.5(Low)

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication o...

CWE-3522016

CVE-2016-3009

LOW
CVSS:3.5(Low)

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary user...

CWE-3522016

CVE-2020-18464

LOW
CVSS:3.5(Low)

Cross Site Request Forgery (CSRF) vulnerability in AikCms 2.0.0 in video_list.php, which can let a malicious user delete movie information.

CWE-3522020

CVE-2020-28838

LOW
CVSS:3.5(Low)

Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows attacker to add cart items via Add to cart.

CWE-3522020

CVE-2021-26071

LOW
CVSS:3.5(Low)

The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymou...

CWE-3522021

CVE-2021-3901

LOW
CVSS:3.5(Low)

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

CWE-3522021