CVE-2017-6182 – Sophos Web Appliance 4.3.0.2 - 'trafficType' Remote Command Injection
https://notcve.org/view.php?id=CVE-2017-6182
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304. En Sophos Web Appliance (SWA) en versiones anteriores a 4.3.1.2, una sección de la interfaz de la máquina responsable de generar informes era vulnerable a la inyección de comandos remotos a través de funciones, vulnerabilidad también conocida como NSWA-1304. • https://www.exploit-db.com/exploits/42332 http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html http://www.securityfocus.com/bid/97261 https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2017-6184
https://notcve.org/view.php?id=CVE-2017-6184
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303. En Sophos Web Appliance (SWA) en versiones anteriores a 4.3.1.2, una sección de la interfaz de la máquina responsable de generar informes era vulnerable a la inyección de comando remoto a través del parámetro token, vulnerabilidad también conocida como NSWA-1303. • http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html http://www.securityfocus.com/bid/97261 https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2017-6412 – Sophos Web Appliance 4.3.1.1 - Session Fixation
https://notcve.org/view.php?id=CVE-2017-6412
In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310. En Sophos Web Appliance (SWA) en versiones anteriores a 4.3.1.2, podría ocurrir la fijación de sesión, vulnerabilidad también conocida como NSWA-1310. Sophos Web Appliance version 4.3.1.1 suffers from a session fixation vulnerability. • https://www.exploit-db.com/exploits/42012 http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html http://www.securityfocus.com/bid/97261 https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2 https://www.qualys.com/2017/02/28/qsa-2017-02-28/qsa-2017-02-28.pdf • CWE-384: Session Fixation •
CVE-2017-6183
https://notcve.org/view.php?id=CVE-2017-6183
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314. En Sophos Web Appliance (SWA) en versiones anteriores a 4.3.1.2, una sección de las utilidades de configuración de la máquina para agregar (y detectar) servidores Active Directory era vulnerable a inyección de comandos remotos, vulnerabilidad también conocida como NSWA-1314. • http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html http://www.securityfocus.com/bid/97261 https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2016-9553 – Sophos Web Appliance 4.2.1.3 - block/unblock Remote Command Injection
https://notcve.org/view.php?id=CVE-2016-9553
The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. These vulnerabilities occur in the MgrReport.php (/controllers/MgrReport.php) component responsible for blocking and unblocking IP addresses from accessing the device. The device doesn't properly escape the information passed in the variables 'unblockip' and 'blockip' before calling the shell_exec() function which allows for system commands to be injected into the device. The code erroneously suggests that the information handled is protected by utilizing the variable name 'escapedips' - however this was not the case. The Sophos ID is NSWA-1258. • https://www.exploit-db.com/exploits/41413 http://pastebin.com/DUYuN0U5 http://swa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.html http://www.securityfocus.com/bid/95853 https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-version-4-3-1 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •