Summary
| Detail | |||
|---|---|---|---|
| Vendor | Sophos | First view | 2013-09-10 |
| Product | Web Appliance Firmware | Last view | 2014-04-11 |
| Version | 3.6.1.1 | Type | Os |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:sophos:web_appliance_firmware | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 8.5 | 2014-04-11 | CVE-2014-2850 | The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter. |
| 8.5 | 2014-04-11 | CVE-2014-2849 | The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request. |
| 4.3 | 2014-03-18 | CVE-2013-2643 | Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user/errdoc.php, (3) h parameter to end-user/ftp_redirect.php, or (4) threat parameter to the Blocked component. |
| 9.3 | 2014-03-18 | CVE-2013-2642 | Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute arbitrary commands via shell metacharacters in the (2) url parameter to the Diagnostic Tools functionality or (3) entries parameter to the Local Site List functionality. |
| 5 | 2014-03-18 | CVE-2013-2641 | Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter. |
| 10 | 2013-09-10 | CVE-2013-4983 | The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (3) | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('O... |
| 16% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 16% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 16% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
ExploitDB Exploits
| id | Description |
|---|---|
| 28175 | Sophos Web Protection Appliance - Multiple Vulnerabilities |
| 24932 | Sophos Web Protection Appliance 3.7.8.1 - Multiple Vulnerabilities |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2015-02-11 | Sophos Web Appliance arbitrary command execution attempt RuleID : 32998 - Type : SERVER-OTHER - Revision : 6 |
| 2015-02-11 | Sophos Web Appliance arbitrary command execution attempt RuleID : 32997 - Type : SERVER-OTHER - Revision : 6 |
| 2014-01-10 | Sophos Web Protection Appliance sblistpack arbitrary command execution attempt RuleID : 27942 - Type : SERVER-WEBAPP - Revision : 3 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2013-09-26 | Name: The remote host is running a web application that is affected by multiple vul... File: sophos_web_protection_command_injection.nasl - Type: ACT_DESTRUCTIVE_ATTACK |
| 2013-04-18 | Name: The remote host is running a web application that is affected by a cross-site... File: sophos_web_protection_xss.nasl - Type: ACT_ATTACK |
| 2013-04-09 | Name: The remote host is running a web application that is affected by a directory ... File: sophos_web_protection_dir_traversal.nasl - Type: ACT_ATTACK |
