Lucene search
HistorySep 10, 2013 - 11:28 a.m.
CVE-2013-4983
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7.5 High
AI Score
Confidence
Low
0.917 High
EPSS
Percentile
98.9%
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.
Affected configurations
Node
sophosweb_appliance_firmwareMatch3.7.8
ORsophosweb_appliance_firmwareRange≤3.7.9
ORsophosweb_appliance_firmwareMatch3.0.0
ORsophosweb_appliance_firmwareMatch3.0.1
ORsophosweb_appliance_firmwareMatch3.0.1.1
ORsophosweb_appliance_firmwareMatch3.0.2
ORsophosweb_appliance_firmwareMatch3.0.3
ORsophosweb_appliance_firmwareMatch3.0.4
ORsophosweb_appliance_firmwareMatch3.0.5
ORsophosweb_appliance_firmwareMatch3.0.5.1
ORsophosweb_appliance_firmwareMatch3.1.0
ORsophosweb_appliance_firmwareMatch3.1.0.1
ORsophosweb_appliance_firmwareMatch3.1.1
ORsophosweb_appliance_firmwareMatch3.1.2
ORsophosweb_appliance_firmwareMatch3.1.3
ORsophosweb_appliance_firmwareMatch3.1.4
ORsophosweb_appliance_firmwareMatch3.2.1
ORsophosweb_appliance_firmwareMatch3.2.2
ORsophosweb_appliance_firmwareMatch3.2.2.1
ORsophosweb_appliance_firmwareMatch3.2.3
ORsophosweb_appliance_firmwareMatch3.2.4
ORsophosweb_appliance_firmwareMatch3.2.5
ORsophosweb_appliance_firmwareMatch3.2.6
ORsophosweb_appliance_firmwareMatch3.2.7
ORsophosweb_appliance_firmwareMatch3.3.0
ORsophosweb_appliance_firmwareMatch3.3.1
ORsophosweb_appliance_firmwareMatch3.3.2
ORsophosweb_appliance_firmwareMatch3.3.3
ORsophosweb_appliance_firmwareMatch3.3.3.1
ORsophosweb_appliance_firmwareMatch3.3.4
ORsophosweb_appliance_firmwareMatch3.3.5
ORsophosweb_appliance_firmwareMatch3.3.5.1
ORsophosweb_appliance_firmwareMatch3.3.6
ORsophosweb_appliance_firmwareMatch3.3.6.1
ORsophosweb_appliance_firmwareMatch3.4.0
ORsophosweb_appliance_firmwareMatch3.4.1
ORsophosweb_appliance_firmwareMatch3.4.2
ORsophosweb_appliance_firmwareMatch3.4.3
ORsophosweb_appliance_firmwareMatch3.4.3.1
ORsophosweb_appliance_firmwareMatch3.4.4
ORsophosweb_appliance_firmwareMatch3.4.5
ORsophosweb_appliance_firmwareMatch3.4.6
ORsophosweb_appliance_firmwareMatch3.4.7
ORsophosweb_appliance_firmwareMatch3.4.8
ORsophosweb_appliance_firmwareMatch3.5.0
ORsophosweb_appliance_firmwareMatch3.5.1
ORsophosweb_appliance_firmwareMatch3.5.1.1
ORsophosweb_appliance_firmwareMatch3.5.1.2
ORsophosweb_appliance_firmwareMatch3.5.2
ORsophosweb_appliance_firmwareMatch3.5.3
ORsophosweb_appliance_firmwareMatch3.5.4
ORsophosweb_appliance_firmwareMatch3.5.5
ORsophosweb_appliance_firmwareMatch3.5.6
ORsophosweb_appliance_firmwareMatch3.6.1
ORsophosweb_appliance_firmwareMatch3.6.1.1
ORsophosweb_appliance_firmwareMatch3.6.2
ORsophosweb_appliance_firmwareMatch3.6.2.1
ORsophosweb_appliance_firmwareMatch3.6.2.3
ORsophosweb_appliance_firmwareMatch3.6.2.4.0
ORsophosweb_appliance_firmwareMatch3.6.2.4.1
ORsophosweb_appliance_firmwareMatch3.6.3
ORsophosweb_appliance_firmwareMatch3.6.4
ORsophosweb_appliance_firmwareMatch3.6.4.1
ORsophosweb_appliance_firmwareMatch3.6.4.2
ORsophosweb_appliance_firmwareMatch3.7.0
ORsophosweb_appliance_firmwareMatch3.7.1
ORsophosweb_appliance_firmwareMatch3.7.2
ORsophosweb_appliance_firmwareMatch3.7.3
ORsophosweb_appliance_firmwareMatch3.7.4
ORsophosweb_appliance_firmwareMatch3.7.5
ORsophosweb_appliance_firmwareMatch3.7.6
ORsophosweb_appliance_firmwareMatch3.7.7
ORsophosweb_appliance_firmwareMatch3.7.8.1
ORsophosweb_appliance_firmwareMatch3.7.8.2
ORsophosweb_appliance_firmwareMatch3.8.0
ORsophosweb_appliance_firmwareMatch3.8.1
sophosweb_applianceMatch-
Related
zdt
zdt
Sophos Web Protection Appliance sblistpack Arbitrary Command Execution
2013-09-17 00:00:00
Sophos Web Protection Appliance Command Injection Vulnerability
2013-09-07 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_SWA
2013-09-10 11:28:00
packetstorm
packetstorm
Sophos Web Protection Appliance sblistpack Arbitrary Command Execution
2013-09-17 00:00:00
Sophos Web Protection Appliance Command Injection
2013-09-07 00:00:00
cvelist
cvelist
CVE-2013-4983
2022-10-03 16:14:58
checkpoint_advisories
checkpoint_advisories
cve
cve
CVE-2013-4983
2022-10-03 16:14:58
prion
prion
Code injection
2013-09-10 11:28:00
dsquare
dsquare
Sophos Web Protection Appliance 3.8.1 RCE
2013-09-10 00:00:00
openvas
openvas
securityvulns
securityvulns
Sophos Web Protection Appliance code execution
2013-09-11 00:00:00
[CORE-2013-0809] Sophos Web Protection Appliance Multiple Vulnerabilities
2013-09-11 00:00:00
exploitpack
exploitpack
Sophos Web Protection Appliance - Multiple Vulnerabilities
2013-09-09 00:00:00
nessus
nessus
Sophos Web Protection Appliance Multiple Vulnerabilities
2013-09-26 00:00:00
coresecurity
coresecurity
Sophos Web Protection Appliance Multiple Vulnerabilities
2013-09-06 00:00:00
seebug
seebug
Sophos Web Protection Appliance - Multiple Vulnerabilities
2014-07-01 00:00:00
exploitdb
exploitdb
Sophos Web Protection Appliance - Multiple Vulnerabilities
2013-09-09 00:00:00
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7.5 High
AI Score
Confidence
Low
0.917 High
EPSS
Percentile
98.9%
Related for NVD:CVE-2013-4983