Lucene search
HistoryOct 03, 2022 - 4:14 p.m.
CVE-2013-4983
cve-2013-4983
sophos web appliance
remote attackers
arbitrary commands
shell metacharacters
nvd
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7.5 High
AI Score
Confidence
Low
0.917 High
EPSS
Percentile
98.9%
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.
Affected configurations
Node
sophosweb_appliance_firmwareMatch3.7.8
ORsophosweb_appliance_firmwareRange≤3.7.9
ORsophosweb_appliance_firmwareMatch3.0.0
ORsophosweb_appliance_firmwareMatch3.0.1
ORsophosweb_appliance_firmwareMatch3.0.1.1
ORsophosweb_appliance_firmwareMatch3.0.2
ORsophosweb_appliance_firmwareMatch3.0.3
ORsophosweb_appliance_firmwareMatch3.0.4
ORsophosweb_appliance_firmwareMatch3.0.5
ORsophosweb_appliance_firmwareMatch3.0.5.1
ORsophosweb_appliance_firmwareMatch3.1.0
ORsophosweb_appliance_firmwareMatch3.1.0.1
ORsophosweb_appliance_firmwareMatch3.1.1
ORsophosweb_appliance_firmwareMatch3.1.2
ORsophosweb_appliance_firmwareMatch3.1.3
ORsophosweb_appliance_firmwareMatch3.1.4
ORsophosweb_appliance_firmwareMatch3.2.1
ORsophosweb_appliance_firmwareMatch3.2.2
ORsophosweb_appliance_firmwareMatch3.2.2.1
ORsophosweb_appliance_firmwareMatch3.2.3
ORsophosweb_appliance_firmwareMatch3.2.4
ORsophosweb_appliance_firmwareMatch3.2.5
ORsophosweb_appliance_firmwareMatch3.2.6
ORsophosweb_appliance_firmwareMatch3.2.7
ORsophosweb_appliance_firmwareMatch3.3.0
ORsophosweb_appliance_firmwareMatch3.3.1
ORsophosweb_appliance_firmwareMatch3.3.2
ORsophosweb_appliance_firmwareMatch3.3.3
ORsophosweb_appliance_firmwareMatch3.3.3.1
ORsophosweb_appliance_firmwareMatch3.3.4
ORsophosweb_appliance_firmwareMatch3.3.5
ORsophosweb_appliance_firmwareMatch3.3.5.1
ORsophosweb_appliance_firmwareMatch3.3.6
ORsophosweb_appliance_firmwareMatch3.3.6.1
ORsophosweb_appliance_firmwareMatch3.4.0
ORsophosweb_appliance_firmwareMatch3.4.1
ORsophosweb_appliance_firmwareMatch3.4.2
ORsophosweb_appliance_firmwareMatch3.4.3
ORsophosweb_appliance_firmwareMatch3.4.3.1
ORsophosweb_appliance_firmwareMatch3.4.4
ORsophosweb_appliance_firmwareMatch3.4.5
ORsophosweb_appliance_firmwareMatch3.4.6
ORsophosweb_appliance_firmwareMatch3.4.7
ORsophosweb_appliance_firmwareMatch3.4.8
ORsophosweb_appliance_firmwareMatch3.5.0
ORsophosweb_appliance_firmwareMatch3.5.1
ORsophosweb_appliance_firmwareMatch3.5.1.1
ORsophosweb_appliance_firmwareMatch3.5.1.2
ORsophosweb_appliance_firmwareMatch3.5.2
ORsophosweb_appliance_firmwareMatch3.5.3
ORsophosweb_appliance_firmwareMatch3.5.4
ORsophosweb_appliance_firmwareMatch3.5.5
ORsophosweb_appliance_firmwareMatch3.5.6
ORsophosweb_appliance_firmwareMatch3.6.1
ORsophosweb_appliance_firmwareMatch3.6.1.1
ORsophosweb_appliance_firmwareMatch3.6.2
ORsophosweb_appliance_firmwareMatch3.6.2.1
ORsophosweb_appliance_firmwareMatch3.6.2.3
ORsophosweb_appliance_firmwareMatch3.6.2.4.0
ORsophosweb_appliance_firmwareMatch3.6.2.4.1
ORsophosweb_appliance_firmwareMatch3.6.3
ORsophosweb_appliance_firmwareMatch3.6.4
ORsophosweb_appliance_firmwareMatch3.6.4.1
ORsophosweb_appliance_firmwareMatch3.6.4.2
ORsophosweb_appliance_firmwareMatch3.7.0
ORsophosweb_appliance_firmwareMatch3.7.1
ORsophosweb_appliance_firmwareMatch3.7.2
ORsophosweb_appliance_firmwareMatch3.7.3
ORsophosweb_appliance_firmwareMatch3.7.4
ORsophosweb_appliance_firmwareMatch3.7.5
ORsophosweb_appliance_firmwareMatch3.7.6
ORsophosweb_appliance_firmwareMatch3.7.7
ORsophosweb_appliance_firmwareMatch3.7.8.1
ORsophosweb_appliance_firmwareMatch3.7.8.2
ORsophosweb_appliance_firmwareMatch3.8.0
ORsophosweb_appliance_firmwareMatch3.8.1
sophosweb_applianceMatch-
Related
zdt
zdt
Sophos Web Protection Appliance sblistpack Arbitrary Command Execution
2013-09-17 00:00:00
Sophos Web Protection Appliance Command Injection Vulnerability
2013-09-07 00:00:00
nvd
nvd
CVE-2013-4983
2013-09-10 11:28:40
d2
d2
DSquare Exploit Pack: D2SEC_SWA
2013-09-10 11:28:00
packetstorm
packetstorm
Sophos Web Protection Appliance sblistpack Arbitrary Command Execution
2013-09-17 00:00:00
Sophos Web Protection Appliance Command Injection
2013-09-07 00:00:00
cvelist
cvelist
CVE-2013-4983
2022-10-03 16:14:58
prion
prion
Code injection
2013-09-10 11:28:00
checkpoint_advisories
checkpoint_advisories
dsquare
dsquare
Sophos Web Protection Appliance 3.8.1 RCE
2013-09-10 00:00:00
openvas
openvas
securityvulns
securityvulns
Sophos Web Protection Appliance code execution
2013-09-11 00:00:00
[CORE-2013-0809] Sophos Web Protection Appliance Multiple Vulnerabilities
2013-09-11 00:00:00
coresecurity
coresecurity
Sophos Web Protection Appliance Multiple Vulnerabilities
2013-09-06 00:00:00
seebug
seebug
Sophos Web Protection Appliance - Multiple Vulnerabilities
2014-07-01 00:00:00
nessus
nessus
Sophos Web Protection Appliance Multiple Vulnerabilities
2013-09-26 00:00:00
exploitpack
exploitpack
Sophos Web Protection Appliance - Multiple Vulnerabilities
2013-09-09 00:00:00
exploitdb
exploitdb
Sophos Web Protection Appliance - Multiple Vulnerabilities
2013-09-09 00:00:00
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7.5 High
AI Score
Confidence
Low
0.917 High
EPSS
Percentile
98.9%
Related for CVE-2013-4983