Vulnerability-Lookup

CNVD-2017-14895

Vulnerability from cnvd - Published: 2017-07-17

Title

Rapid7 Metasploit Editions跨站脚本漏洞

Description

Rapid7 Metasploit是美国Rapid7公司的一款开源的安全漏洞检测工具。Metasploit Express、Community和Pro分别是不同的版本。 Rapid7 Metasploit Express、Community和Pro中存在跨站请求伪造漏洞，该漏洞源于程序未能充分的执行跨站请求保护。远程攻击者可通过诱使已认证的用户执行JavaScript利用该漏洞停止正在运行的Metasploit任务。

Severity

低

Patch Name

Rapid7 Metasploit Editions跨站脚本漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： http://www.metasploit.com/

Reference

http://www.securityfocus.com/bid/99082

Impacted products

Name
['Rapid7 Metasploit Express <4.14.0 (Update 2017061301)', 'Rapid7 Metasploit Pro <4.14.0 (Update 2017061301)', 'Rapid7 Metasploit Community <4.14.0 (Update 2017061301)']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "99082"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-5244"
    }
  },
  "description": "Rapid7 Metasploit\u662f\u7f8e\u56fdRapid7\u516c\u53f8\u7684\u4e00\u6b3e\u5f00\u6e90\u7684\u5b89\u5168\u6f0f\u6d1e\u68c0\u6d4b\u5de5\u5177\u3002Metasploit Express\u3001Community\u548cPro\u5206\u522b\u662f\u4e0d\u540c\u7684\u7248\u672c\u3002\r\n\r\nRapid7 Metasploit Express\u3001Community\u548cPro\u4e2d\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u7684\u6267\u884c\u8de8\u7ad9\u8bf7\u6c42\u4fdd\u62a4\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf1\u4f7f\u5df2\u8ba4\u8bc1\u7684\u7528\u6237\u6267\u884cJavaScript\u5229\u7528\u8be5\u6f0f\u6d1e\u505c\u6b62\u6b63\u5728\u8fd0\u884c\u7684Metasploit\u4efb\u52a1\u3002",
  "discovererName": "Mohamed A. Baset",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttp://www.metasploit.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-14895",
  "openTime": "2017-07-17",
  "patchDescription": "Rapid7 Metasploit\u662f\u7f8e\u56fdRapid7\u516c\u53f8\u7684\u4e00\u6b3e\u5f00\u6e90\u7684\u5b89\u5168\u6f0f\u6d1e\u68c0\u6d4b\u5de5\u5177\u3002Metasploit Express\u3001Community\u548cPro\u5206\u522b\u662f\u4e0d\u540c\u7684\u7248\u672c\u3002\r\n\r\nRapid7 Metasploit Express\u3001Community\u548cPro\u4e2d\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u7684\u6267\u884c\u8de8\u7ad9\u8bf7\u6c42\u4fdd\u62a4\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf1\u4f7f\u5df2\u8ba4\u8bc1\u7684\u7528\u6237\u6267\u884cJavaScript\u5229\u7528\u8be5\u6f0f\u6d1e\u505c\u6b62\u6b63\u5728\u8fd0\u884c\u7684Metasploit\u4efb\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Rapid7 Metasploit Editions\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Rapid7 Metasploit Express \u003c4.14.0 (Update 2017061301)",
      "Rapid7 Metasploit Pro \u003c4.14.0 (Update 2017061301)",
      "Rapid7 Metasploit Community \u003c4.14.0 (Update 2017061301)"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/99082",
  "serverity": "\u4f4e",
  "submitTime": "2017-06-22",
  "title": "Rapid7 Metasploit Editions\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

CVE-2017-5244 (GCVE-0-2017-5244)

Vulnerability from cvelistv5 – Published: 2017-06-15 14:00 – Updated: 2024-08-05 14:55

Summary

Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an attacker to stop currently-running Metasploit tasks by getting an authenticated user to execute JavaScript. As of Metasploit 4.14.0 (Update 2017061301), the routes for stopping tasks only allow POST requests, which validate the presence of a secret token to prevent CSRF attacks.

Severity ?

No CVSS data available.

CWE

CWE-352 - (Cross-Site Request Forgery)

Assigner

rapid7

References

URL

Tags

	http://www.securityfocus.com/bid/99082	vdb-entryx_refsource_BID
	https://community.rapid7.com/community/metasploit…	x_refsource_CONFIRM
	https://www.seekurity.com/blog/general/metasploit…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Rapid7	Metasploit (Pro, Express, and Community editions)	Affected: < 4.14.0 (Update 2017061301)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:55:35.787Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "99082",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99082"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://community.rapid7.com/community/metasploit/blog/2017/06/15/r7-2017-16-cve-2017-5244-lack-of-csrf-protection-for-stopping-tasks-in-metasploit-pro-express-and-community-editions-fixed"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.seekurity.com/blog/general/metasploit-web-project-kill-all-running-tasks-csrf-CVE-2017-5244/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Metasploit (Pro, Express, and Community editions)",
          "vendor": "Rapid7",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.14.0 (Update 2017061301)"
            }
          ]
        }
      ],
      "datePublic": "2017-06-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an attacker to stop currently-running Metasploit tasks by getting an authenticated user to execute JavaScript. As of Metasploit 4.14.0 (Update 2017061301), the routes for stopping tasks only allow POST requests, which validate the presence of a secret token to prevent CSRF attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352 (Cross-Site Request Forgery)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-16T09:57:01",
        "orgId": "9974b330-7714-4307-a722-5648477acda7",
        "shortName": "rapid7"
      },
      "references": [
        {
          "name": "99082",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99082"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://community.rapid7.com/community/metasploit/blog/2017/06/15/r7-2017-16-cve-2017-5244-lack-of-csrf-protection-for-stopping-tasks-in-metasploit-pro-express-and-community-editions-fixed"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.seekurity.com/blog/general/metasploit-web-project-kill-all-running-tasks-csrf-CVE-2017-5244/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@rapid7.com",
          "ID": "CVE-2017-5244",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Metasploit (Pro, Express, and Community editions)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 4.14.0 (Update 2017061301)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Rapid7"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an attacker to stop currently-running Metasploit tasks by getting an authenticated user to execute JavaScript. As of Metasploit 4.14.0 (Update 2017061301), the routes for stopping tasks only allow POST requests, which validate the presence of a secret token to prevent CSRF attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-352 (Cross-Site Request Forgery)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "99082",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99082"
            },
            {
              "name": "https://community.rapid7.com/community/metasploit/blog/2017/06/15/r7-2017-16-cve-2017-5244-lack-of-csrf-protection-for-stopping-tasks-in-metasploit-pro-express-and-community-editions-fixed",
              "refsource": "CONFIRM",
              "url": "https://community.rapid7.com/community/metasploit/blog/2017/06/15/r7-2017-16-cve-2017-5244-lack-of-csrf-protection-for-stopping-tasks-in-metasploit-pro-express-and-community-editions-fixed"
            },
            {
              "name": "https://www.seekurity.com/blog/general/metasploit-web-project-kill-all-running-tasks-csrf-CVE-2017-5244/",
              "refsource": "MISC",
              "url": "https://www.seekurity.com/blog/general/metasploit-web-project-kill-all-running-tasks-csrf-CVE-2017-5244/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
    "assignerShortName": "rapid7",
    "cveId": "CVE-2017-5244",
    "datePublished": "2017-06-15T14:00:00",
    "dateReserved": "2017-01-09T00:00:00",
    "dateUpdated": "2024-08-05T14:55:35.787Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-14895

CVE-2017-5244 (GCVE-0-2017-5244)

Tags

Sightings

Nomenclature