
Test ID: 1.3.6.1.4.1.25623.1.0.103688
Category: Web application abuses
Title: Sophos Web Appliance Web Interface Multiple Vulnerabilities (Feb 2013) - Active Check
Summary: Sophos Web Appliance Web Interface is prone to multiple vulnerabilities.
Description:

Vulnerability Insight:
The following flaws exist:

- CVE-2013-2641 / Unauthenticated local file disclosure: Unauthenticated users can read arbitrary
files from the filesystem with the privileges of the 'spiderman' operating system user.

- CVE-2013-2642 / OS command injection: Authenticated users can execute arbitrary commands on the
underlying operating system with the privileges of the 'spiderman' operating system user.

- CVE-2013-2643 / Cross Site Scripting (XSS): Reflected Cross Site Scripting vulnerabilities were
found. An attacker could have used these vulnerabilities to conduct phishing attacks.

Solution:
The vendor released version 3.7.8.2 to address these issues.

Please see the references and contact the vendor for information on how to obtain and apply the
updates.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2013-2641
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt
Common Vulnerability Exposure (CVE) ID: CVE-2013-2642
Common Vulnerability Exposure (CVE) ID: CVE-2013-2643

Copyright: Copyright (C) 2013 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.