Lucene search

[email protected]CVE-2013-2642

HistoryMar 18, 2014 - 5:02 p.m.

CVE-2013-2642

2014-03-1817:02:00

CWE-78

[email protected]

web.nvd.nist.gov

cve-2013-2642

sophos

web appliance

command execution

remote attackers

shell metacharacters

7.2 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.012 Low

EPSS

Percentile

85.1%

JSON

Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute arbitrary commands via shell metacharacters in the (2) url parameter to the Diagnostic Tools functionality or (3) entries parameter to the Local Site List functionality.

CPENameOperatorVersion
sophos:web_appliance_firmwaresophos web appliance firmwarele3.7.8.1
sophos:web_appliancesophos web applianceeq-

CPE	Name	Operator	Version
sophos:web_appliance_firmware	sophos web appliance firmware	le	3.7.8.1
sophos:web_appliance	sophos web appliance	eq	-

References

www.sophos.com/en-us/support/knowledgebase/118969.aspx

www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt

7.2 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.012 Low

EPSS

Percentile

85.1%

JSON

Related for CVE-2013-2642

prion1 cvelist1 dsquare1 zdt1 securityvulns2 packetstorm1 exploitpack1 openvas1 exploitdb1