Lucene search
MitreCVE-2013-4983HistorySep 10, 2013 - 11:28 a.m.
CVE-2013-4983
2013-09-1011:28:40
CWE-78
mitre
web.nvd.nist.gov
38
cve-2013-4983
sophos web appliance
remote attackers
arbitrary commands
shell metacharacters
nvd
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
7.5
Confidence
Low
EPSS
0.952
Percentile
99.4%
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.
Affected configurations
Node
sophosweb_appliance_firmwareMatch3.7.8
ORsophosweb_appliance_firmwareRange≤3.7.9
ORsophosweb_appliance_firmwareMatch3.0.0
ORsophosweb_appliance_firmwareMatch3.0.1
ORsophosweb_appliance_firmwareMatch3.0.1.1
ORsophosweb_appliance_firmwareMatch3.0.2
ORsophosweb_appliance_firmwareMatch3.0.3
ORsophosweb_appliance_firmwareMatch3.0.4
ORsophosweb_appliance_firmwareMatch3.0.5
ORsophosweb_appliance_firmwareMatch3.0.5.1
ORsophosweb_appliance_firmwareMatch3.1.0
ORsophosweb_appliance_firmwareMatch3.1.0.1
ORsophosweb_appliance_firmwareMatch3.1.1
ORsophosweb_appliance_firmwareMatch3.1.2
ORsophosweb_appliance_firmwareMatch3.1.3
ORsophosweb_appliance_firmwareMatch3.1.4
ORsophosweb_appliance_firmwareMatch3.2.1
ORsophosweb_appliance_firmwareMatch3.2.2
ORsophosweb_appliance_firmwareMatch3.2.2.1
ORsophosweb_appliance_firmwareMatch3.2.3
ORsophosweb_appliance_firmwareMatch3.2.4
ORsophosweb_appliance_firmwareMatch3.2.5
ORsophosweb_appliance_firmwareMatch3.2.6
ORsophosweb_appliance_firmwareMatch3.2.7
ORsophosweb_appliance_firmwareMatch3.3.0
ORsophosweb_appliance_firmwareMatch3.3.1
ORsophosweb_appliance_firmwareMatch3.3.2
ORsophosweb_appliance_firmwareMatch3.3.3
ORsophosweb_appliance_firmwareMatch3.3.3.1
ORsophosweb_appliance_firmwareMatch3.3.4
ORsophosweb_appliance_firmwareMatch3.3.5
ORsophosweb_appliance_firmwareMatch3.3.5.1
ORsophosweb_appliance_firmwareMatch3.3.6
ORsophosweb_appliance_firmwareMatch3.3.6.1
ORsophosweb_appliance_firmwareMatch3.4.0
ORsophosweb_appliance_firmwareMatch3.4.1
ORsophosweb_appliance_firmwareMatch3.4.2
ORsophosweb_appliance_firmwareMatch3.4.3
ORsophosweb_appliance_firmwareMatch3.4.3.1
ORsophosweb_appliance_firmwareMatch3.4.4
ORsophosweb_appliance_firmwareMatch3.4.5
ORsophosweb_appliance_firmwareMatch3.4.6
ORsophosweb_appliance_firmwareMatch3.4.7
ORsophosweb_appliance_firmwareMatch3.4.8
ORsophosweb_appliance_firmwareMatch3.5.0
ORsophosweb_appliance_firmwareMatch3.5.1
ORsophosweb_appliance_firmwareMatch3.5.1.1
ORsophosweb_appliance_firmwareMatch3.5.1.2
ORsophosweb_appliance_firmwareMatch3.5.2
ORsophosweb_appliance_firmwareMatch3.5.3
ORsophosweb_appliance_firmwareMatch3.5.4
ORsophosweb_appliance_firmwareMatch3.5.5
ORsophosweb_appliance_firmwareMatch3.5.6
ORsophosweb_appliance_firmwareMatch3.6.1
ORsophosweb_appliance_firmwareMatch3.6.1.1
ORsophosweb_appliance_firmwareMatch3.6.2
ORsophosweb_appliance_firmwareMatch3.6.2.1
ORsophosweb_appliance_firmwareMatch3.6.2.3
ORsophosweb_appliance_firmwareMatch3.6.2.4.0
ORsophosweb_appliance_firmwareMatch3.6.2.4.1
ORsophosweb_appliance_firmwareMatch3.6.3
ORsophosweb_appliance_firmwareMatch3.6.4
ORsophosweb_appliance_firmwareMatch3.6.4.1
ORsophosweb_appliance_firmwareMatch3.6.4.2
ORsophosweb_appliance_firmwareMatch3.7.0
ORsophosweb_appliance_firmwareMatch3.7.1
ORsophosweb_appliance_firmwareMatch3.7.2
ORsophosweb_appliance_firmwareMatch3.7.3
ORsophosweb_appliance_firmwareMatch3.7.4
ORsophosweb_appliance_firmwareMatch3.7.5
ORsophosweb_appliance_firmwareMatch3.7.6
ORsophosweb_appliance_firmwareMatch3.7.7
ORsophosweb_appliance_firmwareMatch3.7.8.1
ORsophosweb_appliance_firmwareMatch3.7.8.2
ORsophosweb_appliance_firmwareMatch3.8.0
ORsophosweb_appliance_firmwareMatch3.8.1
sophosweb_applianceMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sophos | web_appliance_firmware | 3.7.8 | cpe:2.3:a:sophos:web_appliance_firmware:3.7.8:*:*:*:*:*:*:* |
| sophos | web_appliance_firmware | * | cpe:2.3:o:sophos:web_appliance_firmware:*:*:*:*:*:*:*:* |
| sophos | web_appliance_firmware | 3.0.0 | cpe:2.3:o:sophos:web_appliance_firmware:3.0.0:*:*:*:*:*:*:* |
| sophos | web_appliance_firmware | 3.0.1 | cpe:2.3:o:sophos:web_appliance_firmware:3.0.1:*:*:*:*:*:*:* |
| sophos | web_appliance_firmware | 3.0.1.1 | cpe:2.3:o:sophos:web_appliance_firmware:3.0.1.1:*:*:*:*:*:*:* |
| sophos | web_appliance_firmware | 3.0.2 | cpe:2.3:o:sophos:web_appliance_firmware:3.0.2:*:*:*:*:*:*:* |
| sophos | web_appliance_firmware | 3.0.3 | cpe:2.3:o:sophos:web_appliance_firmware:3.0.3:*:*:*:*:*:*:* |
| sophos | web_appliance_firmware | 3.0.4 | cpe:2.3:o:sophos:web_appliance_firmware:3.0.4:*:*:*:*:*:*:* |
| sophos | web_appliance_firmware | 3.0.5 | cpe:2.3:o:sophos:web_appliance_firmware:3.0.5:*:*:*:*:*:*:* |
| sophos | web_appliance_firmware | 3.0.5.1 | cpe:2.3:o:sophos:web_appliance_firmware:3.0.5.1:*:*:*:*:*:*:* |
Related
checkpoint_advisories
checkpoint_advisories
nvd
nvd
CVE-2013-4983
2013-09-10 11:28:40
zdt
zdt
Sophos Web Protection Appliance sblistpack Arbitrary Command Execution
2013-09-17 00:00:00
Sophos Web Protection Appliance Command Injection Vulnerability
2013-09-07 00:00:00
prion
prion
Code injection
2013-09-10 11:28:00
metasploit
metasploit
Sophos Web Protection Appliance sblistpack Arbitrary Command Execution
2013-09-10 04:26:10
d2
d2
DSquare Exploit Pack: D2SEC_SWA
2013-09-10 11:28:00
packetstorm
packetstorm
Sophos Web Protection Appliance sblistpack Arbitrary Command Execution
2013-09-17 00:00:00
Sophos Web Protection Appliance Command Injection
2013-09-07 00:00:00
cvelist
cvelist
CVE-2013-4983
2013-09-10 10:00:00
exploitdb
exploitdb
nessus
nessus
Sophos Web Protection Appliance Multiple Vulnerabilities
2013-09-26 00:00:00
exploitpack
exploitpack
Sophos Web Protection Appliance - Multiple Vulnerabilities
2013-09-09 00:00:00
coresecurity
coresecurity
Sophos Web Protection Appliance Multiple Vulnerabilities
2013-09-06 00:00:00
seebug
seebug
Sophos Web Protection Appliance - Multiple Vulnerabilities
2014-07-01 00:00:00
securityvulns
securityvulns
[CORE-2013-0809] Sophos Web Protection Appliance Multiple Vulnerabilities
2013-09-11 00:00:00
Sophos Web Protection Appliance code execution
2013-09-11 00:00:00
openvas
openvas
dsquare
dsquare
Sophos Web Protection Appliance 3.8.1 RCE
2013-09-10 00:00:00
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
7.5
Confidence
Low
EPSS
0.952
Percentile
99.4%
Related for CVE-2013-4983