Search criteria
18 vulnerabilities found for web_appliance_firmware by sophos
FKIE_CVE-2014-2849
Vulnerability from fkie_nvd - Published: 2014-04-11 15:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sophos:web_appliance_firmware:3.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1F13FE47-7269-42AF-9601-C04DB5BEF398",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8580C268-2287-46DA-8E67-C6072A04535B",
"versionEndIncluding": "3.8.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8A7150-8264-416C-87DB-E9CDD318A82E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57A40D50-1324-459A-81F2-1C57FFCB0206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA7EB10A-A245-4688-9619-10A98BA5E23F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A64FCF4B-4BAF-409C-9500-BA729C11C098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "245AA033-6388-4EB1-84FC-12FD3683F5B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CD9AEBAC-E764-4A12-99E5-C643C4BEC88E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "19FBAC31-D306-4C13-81B0-7EE733EBE258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA62F916-6282-40C2-BBF0-0EDAFEE085BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2D84BF84-3204-4717-B6E7-3786A52ECB70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8BE4DA-F1AE-41BF-B062-9D50ACC0B9FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DBFA7CD3-3F79-408E-B68F-9EFF382B29E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "589BBFA8-3A56-4057-BE9E-EC63AA837CFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0C524417-B3CD-46B9-8A59-C489170E264E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E5111B15-366D-4B8E-946C-5E294907B399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A1F32D9-BAA5-420D-AE0D-4E64320DB004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E93E2D4E-15A7-41BB-9F9E-162CEB797B9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E1090659-0F39-4E89-AA83-699549471839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4FBBFF84-0C64-4B50-AAA4-02A5B41F1C46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7DAD5CD0-9B52-4FF2-B1E2-BA2223073893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9132766-CAD5-4BE4-8E11-80251C28A974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "402C91F9-5FAF-4A1E-8350-799F825B2E95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E69BED8D-1A92-4384-8BB4-5822FC69E29A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2574CFB6-D3F2-41F0-88A4-152BD2F42427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72589AEB-DE8A-4385-BBA9-D6B8A74AFC87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "934B4C03-1B9A-4B83-A396-1A44BCA8C1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08CC0060-A20C-4769-BA3F-43EDC8DAC750",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DED9963-61AE-44C6-AC73-0F1AD82E34CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6D078EE8-828A-4852-835A-CEC103A23A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8F1F9D52-CFEA-41B1-8477-1FF06FFB3EAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3BEAE73E-5B43-48E9-A048-143F58FBC784",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2F23A049-F7D3-4CC0-B75D-A65D2151E265",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B8E4724-F49B-4C1B-9879-7DFC23E12F2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "77EEB883-CF36-4274-B5C6-C83CB6C237A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3063D8C-6CBE-4929-BBB8-5D6AB935DF55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC4BB573-434C-48C6-9C25-FD804FB4AAA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "54365D65-F2D6-423E-B3D3-B69C432A0CB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57AFF87D-4DC8-42C1-9DAF-99A85D753D22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "240B178F-4BE5-4778-AFEB-9BA53B866E01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "89E03D20-3D0F-4BAC-8A30-3464F3C811E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "69C112DE-1BC2-434F-B68D-EFE043A79FB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "49558797-D233-499D-85D8-AF8DEF667448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E3FF0A14-F791-4E03-B70A-C622824D49C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E1BDFF3F-3FD2-4E20-9D1F-19186CD83611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0EAC1965-4E62-4DBF-AF18-ABFA7A3F54B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4F8573D8-DD6E-49C6-9AE8-A92880367435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8B9976F-5CC8-4FAF-AAAA-CE5E3B99AF7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C92D31A8-8DCE-4FE2-8816-FB6D43575DE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "572BC9FF-8BC2-4839-88B1-E675A39AFF72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2ED348A0-8645-48FD-8851-B803C4220BEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F7FC1C8-97BE-41DC-A81D-F8950D6716BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "171D7FA2-8DBB-436A-B963-D6A02707C0E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83C13E74-8583-446C-9EC9-0E97CE383619",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "507DBEDA-F5BA-4FA4-BE81-29A648058B1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4C4B04F3-0306-4CDB-BE6B-648F37CB9722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BE5DBC9-FD14-4BB8-9BE5-859216819D10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3FE153D0-69DC-4724-9119-B8EF06A24404",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51E7297E-81EF-49BE-85F0-79CCF1B4BB61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F97C2079-150D-4CE0-909B-5B106F66E265",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "049E873D-0E1B-4AA1-AFF7-5738A3DD145C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CEE97EF8-DC5C-460C-AA8B-6C7E86F2143B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3242A2-FB0F-45DE-B362-3EC65FD360E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "15E53E03-EC8A-4B83-A91B-44B2C96B5CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5347976-394B-42F9-A0B9-D63DCAC8719B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5456C566-9473-4665-8CDD-D795CA6369A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2EC57EEC-5D83-4640-B625-BDB9BF8148C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "14EEEB2D-2973-4C72-8445-6B51CB6D05A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "74D9F811-E875-4DE9-9F35-C3540FCCBFF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D587EB-200C-4979-B2C7-578F0BC5FD38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "230DD33A-0D47-4B64-BDA9-5A28814E113F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "827687F6-E29A-4D87-8C44-8EC91FF2F1D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DDB0A27-9E8A-4169-A874-3ACDDE105CA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "178F7104-4BDC-43A1-ADCB-4B5E1879A67B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "1551E945-5C3E-429A-A057-2734E9CAA23D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "047521B0-40AF-409A-814B-51573AC62A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8BB8C9E0-6E62-48FA-9E55-489FE073E996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B249C69-5FCA-4B1A-8D58-B32B2F45FB7A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sophos:web_appliance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37CBAA36-B58B-4D52-B674-E795290D42EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request."
},
{
"lang": "es",
"value": "El cuadro de dialogo de cambio de contrase\u00f1a (change_password) en Sophos Web Appliance anterior a 3.8.2 permite a usuarios remotos autenticados cambiar la contrase\u00f1a del usuario de administraci\u00f3n a trav\u00e9s de una solicitud manipulada."
}
],
"id": "CVE-2014-2849",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-11T15:55:27.660",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/57706"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/32789"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/66734"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/120230.aspx"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-069/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/57706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/32789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/66734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/120230.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-069/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-2850
Vulnerability from fkie_nvd - Published: 2014-04-11 15:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sophos:web_appliance_firmware:3.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1F13FE47-7269-42AF-9601-C04DB5BEF398",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8580C268-2287-46DA-8E67-C6072A04535B",
"versionEndIncluding": "3.8.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8A7150-8264-416C-87DB-E9CDD318A82E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57A40D50-1324-459A-81F2-1C57FFCB0206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA7EB10A-A245-4688-9619-10A98BA5E23F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A64FCF4B-4BAF-409C-9500-BA729C11C098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "245AA033-6388-4EB1-84FC-12FD3683F5B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CD9AEBAC-E764-4A12-99E5-C643C4BEC88E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "19FBAC31-D306-4C13-81B0-7EE733EBE258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA62F916-6282-40C2-BBF0-0EDAFEE085BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2D84BF84-3204-4717-B6E7-3786A52ECB70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8BE4DA-F1AE-41BF-B062-9D50ACC0B9FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DBFA7CD3-3F79-408E-B68F-9EFF382B29E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "589BBFA8-3A56-4057-BE9E-EC63AA837CFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0C524417-B3CD-46B9-8A59-C489170E264E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E5111B15-366D-4B8E-946C-5E294907B399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A1F32D9-BAA5-420D-AE0D-4E64320DB004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E93E2D4E-15A7-41BB-9F9E-162CEB797B9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E1090659-0F39-4E89-AA83-699549471839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4FBBFF84-0C64-4B50-AAA4-02A5B41F1C46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7DAD5CD0-9B52-4FF2-B1E2-BA2223073893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9132766-CAD5-4BE4-8E11-80251C28A974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "402C91F9-5FAF-4A1E-8350-799F825B2E95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E69BED8D-1A92-4384-8BB4-5822FC69E29A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2574CFB6-D3F2-41F0-88A4-152BD2F42427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72589AEB-DE8A-4385-BBA9-D6B8A74AFC87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "934B4C03-1B9A-4B83-A396-1A44BCA8C1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08CC0060-A20C-4769-BA3F-43EDC8DAC750",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DED9963-61AE-44C6-AC73-0F1AD82E34CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6D078EE8-828A-4852-835A-CEC103A23A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8F1F9D52-CFEA-41B1-8477-1FF06FFB3EAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3BEAE73E-5B43-48E9-A048-143F58FBC784",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2F23A049-F7D3-4CC0-B75D-A65D2151E265",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B8E4724-F49B-4C1B-9879-7DFC23E12F2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "77EEB883-CF36-4274-B5C6-C83CB6C237A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3063D8C-6CBE-4929-BBB8-5D6AB935DF55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC4BB573-434C-48C6-9C25-FD804FB4AAA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "54365D65-F2D6-423E-B3D3-B69C432A0CB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57AFF87D-4DC8-42C1-9DAF-99A85D753D22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "240B178F-4BE5-4778-AFEB-9BA53B866E01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "89E03D20-3D0F-4BAC-8A30-3464F3C811E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "69C112DE-1BC2-434F-B68D-EFE043A79FB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "49558797-D233-499D-85D8-AF8DEF667448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E3FF0A14-F791-4E03-B70A-C622824D49C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E1BDFF3F-3FD2-4E20-9D1F-19186CD83611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0EAC1965-4E62-4DBF-AF18-ABFA7A3F54B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4F8573D8-DD6E-49C6-9AE8-A92880367435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8B9976F-5CC8-4FAF-AAAA-CE5E3B99AF7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C92D31A8-8DCE-4FE2-8816-FB6D43575DE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "572BC9FF-8BC2-4839-88B1-E675A39AFF72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2ED348A0-8645-48FD-8851-B803C4220BEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F7FC1C8-97BE-41DC-A81D-F8950D6716BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "171D7FA2-8DBB-436A-B963-D6A02707C0E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83C13E74-8583-446C-9EC9-0E97CE383619",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "507DBEDA-F5BA-4FA4-BE81-29A648058B1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4C4B04F3-0306-4CDB-BE6B-648F37CB9722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BE5DBC9-FD14-4BB8-9BE5-859216819D10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3FE153D0-69DC-4724-9119-B8EF06A24404",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51E7297E-81EF-49BE-85F0-79CCF1B4BB61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F97C2079-150D-4CE0-909B-5B106F66E265",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "049E873D-0E1B-4AA1-AFF7-5738A3DD145C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CEE97EF8-DC5C-460C-AA8B-6C7E86F2143B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3242A2-FB0F-45DE-B362-3EC65FD360E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "15E53E03-EC8A-4B83-A91B-44B2C96B5CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5347976-394B-42F9-A0B9-D63DCAC8719B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5456C566-9473-4665-8CDD-D795CA6369A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2EC57EEC-5D83-4640-B625-BDB9BF8148C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "14EEEB2D-2973-4C72-8445-6B51CB6D05A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "74D9F811-E875-4DE9-9F35-C3540FCCBFF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D587EB-200C-4979-B2C7-578F0BC5FD38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "230DD33A-0D47-4B64-BDA9-5A28814E113F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "827687F6-E29A-4D87-8C44-8EC91FF2F1D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DDB0A27-9E8A-4169-A874-3ACDDE105CA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "178F7104-4BDC-43A1-ADCB-4B5E1879A67B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "1551E945-5C3E-429A-A057-2734E9CAA23D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "047521B0-40AF-409A-814B-51573AC62A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8BB8C9E0-6E62-48FA-9E55-489FE073E996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B249C69-5FCA-4B1A-8D58-B32B2F45FB7A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sophos:web_appliance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37CBAA36-B58B-4D52-B674-E795290D42EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter."
},
{
"lang": "es",
"value": "La p\u00e1gina de configuraci\u00f3n de interfaz de red (netinterface) en Sophos Web Appliance anterior a 3.8.2 permite a administradores remotos ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres de shell en el par\u00e1metro de direcci\u00f3n."
}
],
"id": "CVE-2014-2850",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-11T15:55:27.693",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/57706"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/32789"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/66734"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/120230.aspx"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-069/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/57706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/32789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/66734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/120230.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-069/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-2643
Vulnerability from fkie_nvd - Published: 2014-03-18 17:02 - Updated: 2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user/errdoc.php, (3) h parameter to end-user/ftp_redirect.php, or (4) threat parameter to the Blocked component.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sophos | web_appliance_firmware | * | |
| sophos | web_appliance | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A72A59D-1018-43D3-B7E8-53F0AA013C18",
"versionEndIncluding": "3.7.8.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sophos:web_appliance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37CBAA36-B58B-4D52-B674-E795290D42EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user/errdoc.php, (3) h parameter to end-user/ftp_redirect.php, or (4) threat parameter to the Blocked component."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en Sophos Web Appliance anterior a 3.7.8.2 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s del (1) par\u00e1metro xss en una acci\u00f3n permitida hacia rss.php, (2) par\u00e1metro msg hacia end-user/errdoc.php, (3) par\u00e1metro h hacia end-user/ftp_redirect.php o (4) par\u00e1metro threat hacia el componente Blocked."
}
],
"id": "CVE-2013-2643",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-03-18T17:02:51.887",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/118969.aspx"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/118969.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-2641
Vulnerability from fkie_nvd - Published: 2014-03-18 17:02 - Updated: 2025-04-12 10:46
Severity ?
Summary
Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sophos | web_appliance_firmware | * | |
| sophos | web_appliance | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A72A59D-1018-43D3-B7E8-53F0AA013C18",
"versionEndIncluding": "3.7.8.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sophos:web_appliance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37CBAA36-B58B-4D52-B674-E795290D42EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en patience.cgi en Sophos Web Appliance anterior a 3.7.8.2 permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s del par\u00e1metro id."
}
],
"id": "CVE-2013-2641",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-18T17:02:51.840",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/118969.aspx"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/118969.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-2642
Vulnerability from fkie_nvd - Published: 2014-03-18 17:02 - Updated: 2025-04-12 10:46
Severity ?
Summary
Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute arbitrary commands via shell metacharacters in the (2) url parameter to the Diagnostic Tools functionality or (3) entries parameter to the Local Site List functionality.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sophos | web_appliance_firmware | * | |
| sophos | web_appliance | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A72A59D-1018-43D3-B7E8-53F0AA013C18",
"versionEndIncluding": "3.7.8.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sophos:web_appliance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37CBAA36-B58B-4D52-B674-E795290D42EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute arbitrary commands via shell metacharacters in the (2) url parameter to the Diagnostic Tools functionality or (3) entries parameter to the Local Site List functionality."
},
{
"lang": "es",
"value": "Sophos Web Appliance anterior a 3.7.8.2 permite a (1) atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres de shell en el par\u00e1metro client-ip hacia la p\u00e1gina Block, cuando utiliza la variable user_workstation en una plantilla personalizada y usuarios remotos autenticados para ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres de shell en el (2) par\u00e1metro url hacia la funcionalidad Diagnostic Tools o (3) par\u00e1metro entries hacia la funcionalidad Local Site List."
}
],
"id": "CVE-2013-2642",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-18T17:02:51.857",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/118969.aspx"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/118969.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-4983
Vulnerability from fkie_nvd - Published: 2013-09-10 11:28 - Updated: 2025-04-11 00:51
Severity ?
Summary
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sophos:web_appliance_firmware:3.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1F13FE47-7269-42AF-9601-C04DB5BEF398",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1926B1A8-9B8B-420A-B58B-B55C2687F2E6",
"versionEndIncluding": "3.7.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8A7150-8264-416C-87DB-E9CDD318A82E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57A40D50-1324-459A-81F2-1C57FFCB0206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA7EB10A-A245-4688-9619-10A98BA5E23F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A64FCF4B-4BAF-409C-9500-BA729C11C098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "245AA033-6388-4EB1-84FC-12FD3683F5B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CD9AEBAC-E764-4A12-99E5-C643C4BEC88E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "19FBAC31-D306-4C13-81B0-7EE733EBE258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA62F916-6282-40C2-BBF0-0EDAFEE085BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2D84BF84-3204-4717-B6E7-3786A52ECB70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8BE4DA-F1AE-41BF-B062-9D50ACC0B9FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DBFA7CD3-3F79-408E-B68F-9EFF382B29E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "589BBFA8-3A56-4057-BE9E-EC63AA837CFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0C524417-B3CD-46B9-8A59-C489170E264E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E5111B15-366D-4B8E-946C-5E294907B399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A1F32D9-BAA5-420D-AE0D-4E64320DB004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E93E2D4E-15A7-41BB-9F9E-162CEB797B9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E1090659-0F39-4E89-AA83-699549471839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4FBBFF84-0C64-4B50-AAA4-02A5B41F1C46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7DAD5CD0-9B52-4FF2-B1E2-BA2223073893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9132766-CAD5-4BE4-8E11-80251C28A974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "402C91F9-5FAF-4A1E-8350-799F825B2E95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E69BED8D-1A92-4384-8BB4-5822FC69E29A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2574CFB6-D3F2-41F0-88A4-152BD2F42427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72589AEB-DE8A-4385-BBA9-D6B8A74AFC87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "934B4C03-1B9A-4B83-A396-1A44BCA8C1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08CC0060-A20C-4769-BA3F-43EDC8DAC750",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DED9963-61AE-44C6-AC73-0F1AD82E34CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6D078EE8-828A-4852-835A-CEC103A23A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8F1F9D52-CFEA-41B1-8477-1FF06FFB3EAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3BEAE73E-5B43-48E9-A048-143F58FBC784",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2F23A049-F7D3-4CC0-B75D-A65D2151E265",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B8E4724-F49B-4C1B-9879-7DFC23E12F2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "77EEB883-CF36-4274-B5C6-C83CB6C237A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3063D8C-6CBE-4929-BBB8-5D6AB935DF55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC4BB573-434C-48C6-9C25-FD804FB4AAA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "54365D65-F2D6-423E-B3D3-B69C432A0CB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57AFF87D-4DC8-42C1-9DAF-99A85D753D22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "240B178F-4BE5-4778-AFEB-9BA53B866E01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "89E03D20-3D0F-4BAC-8A30-3464F3C811E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "69C112DE-1BC2-434F-B68D-EFE043A79FB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "49558797-D233-499D-85D8-AF8DEF667448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E3FF0A14-F791-4E03-B70A-C622824D49C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E1BDFF3F-3FD2-4E20-9D1F-19186CD83611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0EAC1965-4E62-4DBF-AF18-ABFA7A3F54B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4F8573D8-DD6E-49C6-9AE8-A92880367435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8B9976F-5CC8-4FAF-AAAA-CE5E3B99AF7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C92D31A8-8DCE-4FE2-8816-FB6D43575DE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "572BC9FF-8BC2-4839-88B1-E675A39AFF72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2ED348A0-8645-48FD-8851-B803C4220BEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F7FC1C8-97BE-41DC-A81D-F8950D6716BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "171D7FA2-8DBB-436A-B963-D6A02707C0E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83C13E74-8583-446C-9EC9-0E97CE383619",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "507DBEDA-F5BA-4FA4-BE81-29A648058B1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4C4B04F3-0306-4CDB-BE6B-648F37CB9722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BE5DBC9-FD14-4BB8-9BE5-859216819D10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3FE153D0-69DC-4724-9119-B8EF06A24404",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51E7297E-81EF-49BE-85F0-79CCF1B4BB61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F97C2079-150D-4CE0-909B-5B106F66E265",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "049E873D-0E1B-4AA1-AFF7-5738A3DD145C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CEE97EF8-DC5C-460C-AA8B-6C7E86F2143B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3242A2-FB0F-45DE-B362-3EC65FD360E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "15E53E03-EC8A-4B83-A91B-44B2C96B5CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5347976-394B-42F9-A0B9-D63DCAC8719B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5456C566-9473-4665-8CDD-D795CA6369A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2EC57EEC-5D83-4640-B625-BDB9BF8148C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "14EEEB2D-2973-4C72-8445-6B51CB6D05A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "74D9F811-E875-4DE9-9F35-C3540FCCBFF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D587EB-200C-4979-B2C7-578F0BC5FD38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "230DD33A-0D47-4B64-BDA9-5A28814E113F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "827687F6-E29A-4D87-8C44-8EC91FF2F1D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DDB0A27-9E8A-4169-A874-3ACDDE105CA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "178F7104-4BDC-43A1-ADCB-4B5E1879A67B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8BB8C9E0-6E62-48FA-9E55-489FE073E996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B249C69-5FCA-4B1A-8D58-B32B2F45FB7A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sophos:web_appliance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37CBAA36-B58B-4D52-B674-E795290D42EE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php."
},
{
"lang": "es",
"value": "La funci\u00f3n get_referers en /opt/ws/bin/sblistpack de Sophos Web Appliance anterior a 3.7.9.1 y 3.8 (anterior a 3.8.1.1) permite a un atacante remoto ejecutar comandos a discrecci\u00f3n a trav\u00e9s de metacaracteres shell en el parametro dominio de end-user/index.php"
}
],
"id": "CVE-2013-4983",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-09-10T11:28:40.997",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-vulnerabilities"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/119773.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/119773.aspx"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2014-2849 (GCVE-0-2014-2849)
Vulnerability from cvelistv5 – Published: 2014-04-11 15:00 – Updated: 2024-09-16 17:34
VLAI?
Summary
The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:28:46.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "66734",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66734"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/120230.aspx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-069/"
},
{
"name": "32789",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/32789"
},
{
"name": "57706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57706"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-11T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "66734",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66734"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/120230.aspx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-069/"
},
{
"name": "32789",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/32789"
},
{
"name": "57706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57706"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "66734",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66734"
},
{
"name": "http://www.sophos.com/en-us/support/knowledgebase/120230.aspx",
"refsource": "CONFIRM",
"url": "http://www.sophos.com/en-us/support/knowledgebase/120230.aspx"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-069/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-069/"
},
{
"name": "32789",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/32789"
},
{
"name": "57706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57706"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2849",
"datePublished": "2014-04-11T15:00:00Z",
"dateReserved": "2014-04-11T00:00:00Z",
"dateUpdated": "2024-09-16T17:34:14.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2850 (GCVE-0-2014-2850)
Vulnerability from cvelistv5 – Published: 2014-04-11 15:00 – Updated: 2024-09-16 23:21
VLAI?
Summary
The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:28:46.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "66734",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66734"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/120230.aspx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-069/"
},
{
"name": "32789",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/32789"
},
{
"name": "57706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57706"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-11T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "66734",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66734"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/120230.aspx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-069/"
},
{
"name": "32789",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/32789"
},
{
"name": "57706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57706"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "66734",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66734"
},
{
"name": "http://www.sophos.com/en-us/support/knowledgebase/120230.aspx",
"refsource": "CONFIRM",
"url": "http://www.sophos.com/en-us/support/knowledgebase/120230.aspx"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-069/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-069/"
},
{
"name": "32789",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/32789"
},
{
"name": "57706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57706"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2850",
"datePublished": "2014-04-11T15:00:00Z",
"dateReserved": "2014-04-11T00:00:00Z",
"dateUpdated": "2024-09-16T23:21:40.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2643 (GCVE-0-2013-2643)
Vulnerability from cvelistv5 – Published: 2014-03-18 14:00 – Updated: 2024-08-06 15:44
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user/errdoc.php, (3) h parameter to end-user/ftp_redirect.php, or (4) threat parameter to the Blocked component.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/118969.aspx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user/errdoc.php, (3) h parameter to end-user/ftp_redirect.php, or (4) threat parameter to the Blocked component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-18T12:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/118969.aspx"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user/errdoc.php, (3) h parameter to end-user/ftp_redirect.php, or (4) threat parameter to the Blocked component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt"
},
{
"name": "http://www.sophos.com/en-us/support/knowledgebase/118969.aspx",
"refsource": "CONFIRM",
"url": "http://www.sophos.com/en-us/support/knowledgebase/118969.aspx"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2643",
"datePublished": "2014-03-18T14:00:00",
"dateReserved": "2013-03-22T00:00:00",
"dateUpdated": "2024-08-06T15:44:32.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2641 (GCVE-0-2013-2641)
Vulnerability from cvelistv5 – Published: 2014-03-18 14:00 – Updated: 2024-08-06 15:44
VLAI?
Summary
Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/118969.aspx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-18T12:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/118969.aspx"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt"
},
{
"name": "http://www.sophos.com/en-us/support/knowledgebase/118969.aspx",
"refsource": "CONFIRM",
"url": "http://www.sophos.com/en-us/support/knowledgebase/118969.aspx"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2641",
"datePublished": "2014-03-18T14:00:00",
"dateReserved": "2013-03-22T00:00:00",
"dateUpdated": "2024-08-06T15:44:32.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2642 (GCVE-0-2013-2642)
Vulnerability from cvelistv5 – Published: 2014-03-18 14:00 – Updated: 2024-08-06 15:44
VLAI?
Summary
Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute arbitrary commands via shell metacharacters in the (2) url parameter to the Diagnostic Tools functionality or (3) entries parameter to the Local Site List functionality.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/118969.aspx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute arbitrary commands via shell metacharacters in the (2) url parameter to the Diagnostic Tools functionality or (3) entries parameter to the Local Site List functionality."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-18T12:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/118969.aspx"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2642",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute arbitrary commands via shell metacharacters in the (2) url parameter to the Diagnostic Tools functionality or (3) entries parameter to the Local Site List functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt"
},
{
"name": "http://www.sophos.com/en-us/support/knowledgebase/118969.aspx",
"refsource": "CONFIRM",
"url": "http://www.sophos.com/en-us/support/knowledgebase/118969.aspx"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2642",
"datePublished": "2014-03-18T14:00:00",
"dateReserved": "2013-03-22T00:00:00",
"dateUpdated": "2024-08-06T15:44:32.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4983 (GCVE-0-2013-4983)
Vulnerability from cvelistv5 – Published: 2013-09-10 10:00 – Updated: 2024-09-17 03:02
VLAI?
Summary
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:41.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/119773.aspx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-09-10T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/119773.aspx"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-vulnerabilities",
"refsource": "MISC",
"url": "http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-vulnerabilities"
},
{
"name": "http://www.sophos.com/en-us/support/knowledgebase/119773.aspx",
"refsource": "CONFIRM",
"url": "http://www.sophos.com/en-us/support/knowledgebase/119773.aspx"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4983",
"datePublished": "2013-09-10T10:00:00Z",
"dateReserved": "2013-07-29T00:00:00Z",
"dateUpdated": "2024-09-17T03:02:50.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2849 (GCVE-0-2014-2849)
Vulnerability from nvd – Published: 2014-04-11 15:00 – Updated: 2024-09-16 17:34
VLAI?
Summary
The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:28:46.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "66734",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66734"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/120230.aspx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-069/"
},
{
"name": "32789",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/32789"
},
{
"name": "57706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57706"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-11T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "66734",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66734"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/120230.aspx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-069/"
},
{
"name": "32789",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/32789"
},
{
"name": "57706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57706"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "66734",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66734"
},
{
"name": "http://www.sophos.com/en-us/support/knowledgebase/120230.aspx",
"refsource": "CONFIRM",
"url": "http://www.sophos.com/en-us/support/knowledgebase/120230.aspx"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-069/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-069/"
},
{
"name": "32789",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/32789"
},
{
"name": "57706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57706"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2849",
"datePublished": "2014-04-11T15:00:00Z",
"dateReserved": "2014-04-11T00:00:00Z",
"dateUpdated": "2024-09-16T17:34:14.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2850 (GCVE-0-2014-2850)
Vulnerability from nvd – Published: 2014-04-11 15:00 – Updated: 2024-09-16 23:21
VLAI?
Summary
The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:28:46.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "66734",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66734"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/120230.aspx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-069/"
},
{
"name": "32789",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/32789"
},
{
"name": "57706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57706"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-11T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "66734",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66734"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/120230.aspx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-069/"
},
{
"name": "32789",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/32789"
},
{
"name": "57706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57706"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "66734",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66734"
},
{
"name": "http://www.sophos.com/en-us/support/knowledgebase/120230.aspx",
"refsource": "CONFIRM",
"url": "http://www.sophos.com/en-us/support/knowledgebase/120230.aspx"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-069/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-069/"
},
{
"name": "32789",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/32789"
},
{
"name": "57706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57706"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2850",
"datePublished": "2014-04-11T15:00:00Z",
"dateReserved": "2014-04-11T00:00:00Z",
"dateUpdated": "2024-09-16T23:21:40.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2643 (GCVE-0-2013-2643)
Vulnerability from nvd – Published: 2014-03-18 14:00 – Updated: 2024-08-06 15:44
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user/errdoc.php, (3) h parameter to end-user/ftp_redirect.php, or (4) threat parameter to the Blocked component.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/118969.aspx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user/errdoc.php, (3) h parameter to end-user/ftp_redirect.php, or (4) threat parameter to the Blocked component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-18T12:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/118969.aspx"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user/errdoc.php, (3) h parameter to end-user/ftp_redirect.php, or (4) threat parameter to the Blocked component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt"
},
{
"name": "http://www.sophos.com/en-us/support/knowledgebase/118969.aspx",
"refsource": "CONFIRM",
"url": "http://www.sophos.com/en-us/support/knowledgebase/118969.aspx"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2643",
"datePublished": "2014-03-18T14:00:00",
"dateReserved": "2013-03-22T00:00:00",
"dateUpdated": "2024-08-06T15:44:32.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2641 (GCVE-0-2013-2641)
Vulnerability from nvd – Published: 2014-03-18 14:00 – Updated: 2024-08-06 15:44
VLAI?
Summary
Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/118969.aspx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-18T12:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/118969.aspx"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt"
},
{
"name": "http://www.sophos.com/en-us/support/knowledgebase/118969.aspx",
"refsource": "CONFIRM",
"url": "http://www.sophos.com/en-us/support/knowledgebase/118969.aspx"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2641",
"datePublished": "2014-03-18T14:00:00",
"dateReserved": "2013-03-22T00:00:00",
"dateUpdated": "2024-08-06T15:44:32.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2642 (GCVE-0-2013-2642)
Vulnerability from nvd – Published: 2014-03-18 14:00 – Updated: 2024-08-06 15:44
VLAI?
Summary
Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute arbitrary commands via shell metacharacters in the (2) url parameter to the Diagnostic Tools functionality or (3) entries parameter to the Local Site List functionality.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/118969.aspx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute arbitrary commands via shell metacharacters in the (2) url parameter to the Diagnostic Tools functionality or (3) entries parameter to the Local Site List functionality."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-18T12:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/118969.aspx"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2642",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute arbitrary commands via shell metacharacters in the (2) url parameter to the Diagnostic Tools functionality or (3) entries parameter to the Local Site List functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt"
},
{
"name": "http://www.sophos.com/en-us/support/knowledgebase/118969.aspx",
"refsource": "CONFIRM",
"url": "http://www.sophos.com/en-us/support/knowledgebase/118969.aspx"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2642",
"datePublished": "2014-03-18T14:00:00",
"dateReserved": "2013-03-22T00:00:00",
"dateUpdated": "2024-08-06T15:44:32.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4983 (GCVE-0-2013-4983)
Vulnerability from nvd – Published: 2013-09-10 10:00 – Updated: 2024-09-17 03:02
VLAI?
Summary
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:41.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/119773.aspx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-09-10T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/119773.aspx"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-vulnerabilities",
"refsource": "MISC",
"url": "http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-vulnerabilities"
},
{
"name": "http://www.sophos.com/en-us/support/knowledgebase/119773.aspx",
"refsource": "CONFIRM",
"url": "http://www.sophos.com/en-us/support/knowledgebase/119773.aspx"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4983",
"datePublished": "2013-09-10T10:00:00Z",
"dateReserved": "2013-07-29T00:00:00Z",
"dateUpdated": "2024-09-17T03:02:50.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}