cnvd - cnvd-2017-14895

cnvd-2017-14895

Vulnerability from cnvd

Title: Rapid7 Metasploit Editions跨站脚本漏洞

Description:

Rapid7 Metasploit是美国Rapid7公司的一款开源的安全漏洞检测工具。Metasploit Express、Community和Pro分别是不同的版本。

Rapid7 Metasploit Express、Community和Pro中存在跨站请求伪造漏洞，该漏洞源于程序未能充分的执行跨站请求保护。远程攻击者可通过诱使已认证的用户执行JavaScript利用该漏洞停止正在运行的Metasploit任务。

Severity: 低

Patch Name: Rapid7 Metasploit Editions跨站脚本漏洞的补丁

Patch Description:

Rapid7 Metasploit是美国Rapid7公司的一款开源的安全漏洞检测工具。Metasploit Express、Community和Pro分别是不同的版本。

Rapid7 Metasploit Express、Community和Pro中存在跨站请求伪造漏洞，该漏洞源于程序未能充分的执行跨站请求保护。远程攻击者可通过诱使已认证的用户执行JavaScript利用该漏洞停止正在运行的Metasploit任务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： http://www.metasploit.com/

Reference: http://www.securityfocus.com/bid/99082

Impacted products

Name
['Rapid7 Metasploit Express <4.14.0 (Update 2017061301)', 'Rapid7 Metasploit Pro <4.14.0 (Update 2017061301)', 'Rapid7 Metasploit Community <4.14.0 (Update 2017061301)']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "99082"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-5244"
    }
  },
  "description": "Rapid7 Metasploit\u662f\u7f8e\u56fdRapid7\u516c\u53f8\u7684\u4e00\u6b3e\u5f00\u6e90\u7684\u5b89\u5168\u6f0f\u6d1e\u68c0\u6d4b\u5de5\u5177\u3002Metasploit Express\u3001Community\u548cPro\u5206\u522b\u662f\u4e0d\u540c\u7684\u7248\u672c\u3002\r\n\r\nRapid7 Metasploit Express\u3001Community\u548cPro\u4e2d\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u7684\u6267\u884c\u8de8\u7ad9\u8bf7\u6c42\u4fdd\u62a4\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf1\u4f7f\u5df2\u8ba4\u8bc1\u7684\u7528\u6237\u6267\u884cJavaScript\u5229\u7528\u8be5\u6f0f\u6d1e\u505c\u6b62\u6b63\u5728\u8fd0\u884c\u7684Metasploit\u4efb\u52a1\u3002",
  "discovererName": "Mohamed A. Baset",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttp://www.metasploit.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-14895",
  "openTime": "2017-07-17",
  "patchDescription": "Rapid7 Metasploit\u662f\u7f8e\u56fdRapid7\u516c\u53f8\u7684\u4e00\u6b3e\u5f00\u6e90\u7684\u5b89\u5168\u6f0f\u6d1e\u68c0\u6d4b\u5de5\u5177\u3002Metasploit Express\u3001Community\u548cPro\u5206\u522b\u662f\u4e0d\u540c\u7684\u7248\u672c\u3002\r\n\r\nRapid7 Metasploit Express\u3001Community\u548cPro\u4e2d\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u7684\u6267\u884c\u8de8\u7ad9\u8bf7\u6c42\u4fdd\u62a4\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf1\u4f7f\u5df2\u8ba4\u8bc1\u7684\u7528\u6237\u6267\u884cJavaScript\u5229\u7528\u8be5\u6f0f\u6d1e\u505c\u6b62\u6b63\u5728\u8fd0\u884c\u7684Metasploit\u4efb\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Rapid7 Metasploit Editions\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Rapid7 Metasploit Express \u003c4.14.0 (Update 2017061301)",
      "Rapid7 Metasploit Pro \u003c4.14.0 (Update 2017061301)",
      "Rapid7 Metasploit Community \u003c4.14.0 (Update 2017061301)"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/99082",
  "serverity": "\u4f4e",
  "submitTime": "2017-06-22",
  "title": "Rapid7 Metasploit Editions\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

CVE-2017-5244 (GCVE-0-2017-5244)

Vulnerability from cvelistv5

Published

2017-06-15 14:00

Modified

2024-08-05 14:55

Severity ?

CWE

CWE-352 - (Cross-Site Request Forgery)

Summary

Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an attacker to stop currently-running Metasploit tasks by getting an authenticated user to execute JavaScript. As of Metasploit 4.14.0 (Update 2017061301), the routes for stopping tasks only allow POST requests, which validate the presence of a secret token to prevent CSRF attacks.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/99082	vdb-entry, x_refsource_BID
	https://community.rapid7.com/community/metasploit/blog/2017/06/15/r7-2017-16-cve-2017-5244-lack-of-csrf-protection-for-stopping-tasks-in-metasploit-pro-express-and-community-editions-fixed	x_refsource_CONFIRM
	https://www.seekurity.com/blog/general/metasploit-web-project-kill-all-running-tasks-csrf-CVE-2017-5244/	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Rapid7	Metasploit (Pro, Express, and Community editions)	Version: < 4.14.0 (Update 2017061301)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:55:35.787Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "99082",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99082"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://community.rapid7.com/community/metasploit/blog/2017/06/15/r7-2017-16-cve-2017-5244-lack-of-csrf-protection-for-stopping-tasks-in-metasploit-pro-express-and-community-editions-fixed"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.seekurity.com/blog/general/metasploit-web-project-kill-all-running-tasks-csrf-CVE-2017-5244/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Metasploit (Pro, Express, and Community editions)",
          "vendor": "Rapid7",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.14.0 (Update 2017061301)"
            }
          ]
        }
      ],
      "datePublic": "2017-06-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an attacker to stop currently-running Metasploit tasks by getting an authenticated user to execute JavaScript. As of Metasploit 4.14.0 (Update 2017061301), the routes for stopping tasks only allow POST requests, which validate the presence of a secret token to prevent CSRF attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352 (Cross-Site Request Forgery)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-16T09:57:01",
        "orgId": "9974b330-7714-4307-a722-5648477acda7",
        "shortName": "rapid7"
      },
      "references": [
        {
          "name": "99082",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99082"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://community.rapid7.com/community/metasploit/blog/2017/06/15/r7-2017-16-cve-2017-5244-lack-of-csrf-protection-for-stopping-tasks-in-metasploit-pro-express-and-community-editions-fixed"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.seekurity.com/blog/general/metasploit-web-project-kill-all-running-tasks-csrf-CVE-2017-5244/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@rapid7.com",
          "ID": "CVE-2017-5244",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Metasploit (Pro, Express, and Community editions)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 4.14.0 (Update 2017061301)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Rapid7"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an attacker to stop currently-running Metasploit tasks by getting an authenticated user to execute JavaScript. As of Metasploit 4.14.0 (Update 2017061301), the routes for stopping tasks only allow POST requests, which validate the presence of a secret token to prevent CSRF attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-352 (Cross-Site Request Forgery)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "99082",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99082"
            },
            {
              "name": "https://community.rapid7.com/community/metasploit/blog/2017/06/15/r7-2017-16-cve-2017-5244-lack-of-csrf-protection-for-stopping-tasks-in-metasploit-pro-express-and-community-editions-fixed",
              "refsource": "CONFIRM",
              "url": "https://community.rapid7.com/community/metasploit/blog/2017/06/15/r7-2017-16-cve-2017-5244-lack-of-csrf-protection-for-stopping-tasks-in-metasploit-pro-express-and-community-editions-fixed"
            },
            {
              "name": "https://www.seekurity.com/blog/general/metasploit-web-project-kill-all-running-tasks-csrf-CVE-2017-5244/",
              "refsource": "MISC",
              "url": "https://www.seekurity.com/blog/general/metasploit-web-project-kill-all-running-tasks-csrf-CVE-2017-5244/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
    "assignerShortName": "rapid7",
    "cveId": "CVE-2017-5244",
    "datePublished": "2017-06-15T14:00:00",
    "dateReserved": "2017-01-09T00:00:00",
    "dateUpdated": "2024-08-05T14:55:35.787Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted