
INFIGO-2008-02-13.txt

15 Feb 2008 | Reported by Leon Juranic | Type: packetstorm | Source: packetstormsecurity.com

Sophos Email Security XSS Vulnerability

Code
`   
INFIGO IS Security Advisory #ADV-2008-02-13  
http://www.infigo.hr/en/  
  
  
  
  
Title: SOPHOS Email Security Appliance Cross Site Scripting Vulnerability  
Advisory ID: INFIGO-2008-02-13  
Date: 2008-02-13  
Advisory URL: http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-02-13  
Impact: Malicious JavaScript Code Injection  
Risk Level: Medium  
Vulnerability Type: Remote  
  
  
  
  
==[ Overview  
  
Sophos ES1000 Email Security Appliance delivers protection against spam,  
viruses, Trojans, spyware and other malware. Sophos's award-winning  
anti-virus engine detects all types of malware in a single, high-speed   
scan. Every Sophos appliance is updated with new protection intelligence   
every 5 minutes.  
  
  
  
==[ Vulnerability  
  
During an audit of Sophos ES1000 Email Security Appliance, a Cross Site   
Scripting vulnerability was discovered in its web administration interface.  
The administration web interface is available on the public network interface,  
over HTTPS on port 18080.  
  
Lack of input validation for the 'error' and 'go' parameters of the 'Login'  
script allows malicious JavaScript code injection.  
  
https://192.168.0.10:18080/Login?logout=0&error=<INJECTION>&go=<INJECTION>  
  
This can be exploited by a malicious user to steal Sophos ES1000 Email   
Security Appliance administrator credentials, and shut down the appliance,  
or change its configuration.  
  
  
  
==[ Affected Version  
  
The vulnerability has been identified in the latest available Sophos  
ES1000 and ES4000 Email Security appliances.   
  
  
  
==[ Fix  
  
This vulnerability has been fixed in Sophos Email Appliance version 2.1.1.0  
and above, available automatically to Sophos' customers between 14-21  
February 2008. More information at  
http://www.sophos.com/support/knowledgebase/article/34733.html  
  
  
  
==[ PoC Exploit  
  
Not needed.  
  
  
  
==[ Vendor status  
  
28.01.2008 - Initial contact, automated response  
04.02.2008 - Repeated contact  
06.02.2008 - Vendor response  
07.02.2008 - Vendor status update  
08.02.2008 - Vendor status update  
13.02.2008 - Vendor status update  
14.02.2008 - Fix available  
15.02.2008 - Coordinated public disclosure  
  
  
  
==[ Credits  
  
Vulnerability discovered by Leon Juranic <[email protected]>.  
  
  
  
==[ INFIGO IS Security Contact  
  
INFIGO IS,  
  
WWW : http://www.infigo.hr/en/  
E-mail : [email protected]  
`
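
For defenders reviewing proxy or web logs in front of an affected appliance, the following added example (not part of the INFIGO advisory or Sophos code) flags requests to the 'Login' script whose 'error' or 'go' values carry markup, including double-encoded values. The sample request targets, the character pattern and the render_error helper are assumptions made for illustration; the advisory does not describe how the vendor fix is implemented.

```python
import html
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Script path and parameter names are taken from the advisory.
WATCHED_PATH = "/Login"
WATCHED_PARAMS = ("error", "go")

# Assumed pattern: tokens a plain status message or page name should never contain.
SUSPICIOUS = re.compile(r"[<>\"'`]|javascript:|on\w+\s*=", re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_request(target):
    """Return {param: decoded_value} for watched parameters that carry markup."""
    parts = urlsplit(target)
    if parts.path != WATCHED_PATH:
        return {}
    hits = {}
    query = parse_qs(parts.query, keep_blank_values=True)
    for name in WATCHED_PARAMS:
        for raw in query.get(name, []):
            value = fully_decode(raw)
            if SUSPICIOUS.search(value):
                hits[name] = value
    return hits

def render_error(value):
    """Generic mitigation (hypothetical helper): HTML-encode before echoing."""
    return html.escape(value, quote=True)

# Constructed sample request targets, not taken from any real log.
SAMPLES = [
    "/Login?logout=0&error=Session+expired&go=status",
    "/Login?logout=0&error=%3Cscript%3Ealert(1)%3C/script%3E&go=status",
    "/Login?logout=0&error=ok&go=%253Cb%253E",
    "/Other?error=%3Cb%3E",
]

if __name__ == "__main__":
    for target in SAMPLES:
        print(target, "->", inspect_request(target) or "clean")
```
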
