Vulnerability Description
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sophos | Web Appliance Firmware | 3.7.8 |
| Sophos | Web Appliance | - |
Related Weaknesses (CWE)
References
- http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-Exploit
- http://www.sophos.com/en-us/support/knowledgebase/119773.aspxVendor Advisory
- http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-Exploit
- http://www.sophos.com/en-us/support/knowledgebase/119773.aspxVendor Advisory
FAQ
What is CVE-2013-4983?
CVE-2013-4983 is a vulnerability with a CVSS score of 10.0 (HIGH). The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the ...
How severe is CVE-2013-4983?
CVE-2013-4983 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4983?
Check the references section above for vendor advisories and patch information. Affected products include: Sophos Web Appliance Firmware, Sophos Web Appliance.