Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2013-2642
Last Modified 19 Mar 2014 09:54:05
Published 18 Mar 2014 01:02:51
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-2642

Summary

Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute arbitrary commands via shell metacharacters in the (2) url parameter to the Diagnostic Tools functionality or (3) entries parameter to the Local Site List functionality.

Vulnerable Systems

Operating System

  • Sophos Web Appliance Firmware 3.7.8.1


References

MISC - https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt

CONFIRM - http://www.sophos.com/en-us/support/knowledgebase/118969.aspx


Last Updated: 27 May 2016 11:04:42