CVE-2016-6597
Sophos Mobile Control 3.5.0.3 Open Reverse Proxy
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus Traveler is enabled, allows remote attackers to access arbitrary web-resources from the backend mail system via a request for the resource, aka an Open Reverse Proxy vulnerability.
Sophos EAS Proxy en versiones anteriores a 6.2.0 para Sophos Mobile Control, cuando Lotus Traveler está habilitada, permite a atacantes remotos acceder a recursos web arbitrarios desde el sistema de correo del backend a través de una petición del recurso, también conocida como una vulnerabilidad Open Reverse Proxy.
Sophos EAS Proxy is part of the Enterprise Mobility Management (EMM) platform Sophos Mobile Control, which allows control of mail access for managed mobile devices. Anonymous attackers can access any web-resources of the backend mail system like Microsoft Exchange or IBM Domino, if Lotus Traveler option is enabled. Brute force attacks against users in the backend mail system are also possible. Version 3.5.0.3 is affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-08-04 CVE Reserved
- 2016-08-05 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-254: 7PK - Security Features
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/138210/Sophos-Mobile-Control-3.5.0.3-Open-Reverse-Proxy.html | X_refsource_misc |
|
| http://www.securityfocus.com/archive/1/539126/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/92351 | Third Party Advisory | |
| https://www.pallas.com/advisories/sophos_eas_open_reverse_proxy_vulnerability | X_refsource_misc |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sophos Search vendor "Sophos" | Mobile Control Eas Proxy Search vendor "Sophos" for product "Mobile Control Eas Proxy" | <= 3.5.0.3 Search vendor "Sophos" for product "Mobile Control Eas Proxy" and version " <= 3.5.0.3" | - |
Affected
| ||||||