2 matches found
CVE-2017-5244
Routes used to stop running Metasploit tasks either particular ones or all tasks allowed GET requests. Only POST requests should have been allowed, as the stop/stopall routes change the state of the service. This could have allowed an attacker to stop currently-running Metasploit tasks by getting...
CVE-2017-5244
CVE-2017-5244 is a Cross-Site Request Forgery (CSRF) flaw in Metasploit Pro, Express, and Community editions prior to 4.14.0 that allowed an authenticated user to stop running tasks by triggering non-idempotent GET requests to stop routes. Root cause: stopping routes accepted GET instead of POST,...