cvelistv5 - CVE-2017-6182

CVE-2017-6182 (GCVE-0-2017-6182)

Vulnerability from cvelistv5

Published

2017-03-30 17:00

Modified

2024-08-05 15:25

Severity ?

CWE

Summary

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304.

References

URL

Tags

cve@mitre.org	http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html	Release Notes, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/97261
cve@mitre.org	https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2	Vendor Advisory
cve@mitre.org	https://www.exploit-db.com/exploits/42332/
af854a3a-2127-422b-91ae-364da2661108	http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/97261
af854a3a-2127-422b-91ae-364da2661108	https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/42332/

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:25:47.678Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html"
          },
          {
            "name": "97261",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97261"
          },
          {
            "name": "42332",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/42332/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-03-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine\u0027s interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-11T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html"
        },
        {
          "name": "97261",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97261"
        },
        {
          "name": "42332",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/42332/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-6182",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine\u0027s interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html",
              "refsource": "CONFIRM",
              "url": "http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html"
            },
            {
              "name": "97261",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97261"
            },
            {
              "name": "42332",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/42332/"
            },
            {
              "name": "https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2",
              "refsource": "CONFIRM",
              "url": "https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-6182",
    "datePublished": "2017-03-30T17:00:00",
    "dateReserved": "2017-02-21T00:00:00",
    "dateUpdated": "2024-08-05T15:25:47.678Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-6182\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-03-30T17:59:00.213\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine\u0027s interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304.\"},{\"lang\":\"es\",\"value\":\"En Sophos Web Appliance (SWA) en versiones anteriores a 4.3.1.2, una secci\u00f3n de la interfaz de la m\u00e1quina responsable de generar informes era vulnerable a la inyecci\u00f3n de comandos remotos a trav\u00e9s de funciones, vulnerabilidad tambi\u00e9n conocida como NSWA-1304.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sophos:web_appliance:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.3.1.1\",\"matchCriteriaId\":\"EA5CEDA7-BC64-4628-9361-E93033BAEF8A\"}]}]}],\"references\":[{\"url\":\"http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/97261\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/42332/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/97261\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/42332/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

ghsa-m6xg-v873-824r

Vulnerability from github

Published

2022-05-13 01:46

Modified

2025-04-20 03:35

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-6182"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-30T17:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine\u0027s interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304.",
  "id": "GHSA-m6xg-v873-824r",
  "modified": "2025-04-20T03:35:03Z",
  "published": "2022-05-13T01:46:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6182"
    },
    {
      "type": "WEB",
      "url": "https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/42332"
    },
    {
      "type": "WEB",
      "url": "http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97261"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304. Vendors have confirmed this vulnerability NSWA-1304 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. The product supports real-time network threat protection, custom web filtering and dynamic control applications. A remote attacker can exploit this vulnerability to inject commands. Exploiting these issues could allow an attacker to execute arbitrary commands in context of the affected application or hijack an arbitrary session and gain unauthorized access to the affected application

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "web appliance",
        "scope": "lt",
        "trust": 1.4,
        "vendor": "sophos",
        "version": "4.3.1.2"
      },
      {
        "_id": null,
        "model": "web appliance",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sophos",
        "version": "4.3.1.1"
      },
      {
        "_id": null,
        "model": "web appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sophos",
        "version": "4.3.1.1"
      },
      {
        "_id": null,
        "model": "web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "3.8.2"
      },
      {
        "_id": null,
        "model": "web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "3.0"
      },
      {
        "_id": null,
        "model": "web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "2.1.18"
      },
      {
        "_id": null,
        "model": "web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "4.3.1"
      },
      {
        "_id": null,
        "model": "web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "4.3"
      },
      {
        "_id": null,
        "model": "web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "4.2.1.3"
      },
      {
        "_id": null,
        "model": "web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "3.8.1.1"
      },
      {
        "_id": null,
        "model": "web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "3.8.1"
      },
      {
        "_id": null,
        "model": "web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "3.8.0"
      },
      {
        "_id": null,
        "model": "web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "3.7.9.1"
      },
      {
        "_id": null,
        "model": "web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "3.7.9"
      },
      {
        "_id": null,
        "model": "web appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "4.3.1.2"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05239"
      },
      {
        "db": "BID",
        "id": "97261"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002797"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1383"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6182"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:sophos:web_appliance_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002797"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Russell Sanford, Kapil Khot and Russell Sanford.",
    "sources": [
      {
        "db": "BID",
        "id": "97261"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-6182",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-6182",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-05239",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-6182",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-6182",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-6182",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-05239",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201703-1383",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-6182",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05239"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6182"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002797"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1383"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6182"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine\u0027s interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304. Vendors have confirmed this vulnerability NSWA-1304 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. The product supports real-time network threat protection, custom web filtering and dynamic control applications. A remote attacker can exploit this vulnerability to inject commands. \nExploiting these issues could allow an attacker to execute arbitrary commands in context of the affected application or hijack an arbitrary session and gain unauthorized access to the affected application",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6182"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002797"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05239"
      },
      {
        "db": "BID",
        "id": "97261"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6182"
      }
    ],
    "trust": 2.52
  },
  "exploit_availability": {
    "_id": null,
    "data": [
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=42332",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-6182"
      }
    ]
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6182",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "97261",
        "trust": 2.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "42332",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002797",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05239",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1383",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6182",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05239"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6182"
      },
      {
        "db": "BID",
        "id": "97261"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002797"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1383"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6182"
      }
    ]
  },
  "id": "VAR-201703-1056",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05239"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "_id": null,
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05239"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:13:08.573000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Version 4.3.1.2 Release Notes",
        "trust": 0.8,
        "url": "http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html"
      },
      {
        "title": "Release of SWA v4.3.1.2",
        "trust": 0.8,
        "url": "https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2"
      },
      {
        "title": "Patch for SophosWebAppliance Remote Command Injection Vulnerability (CNVD-2017-05239)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/92641"
      },
      {
        "title": "Sophos Web Appliance Fixes for command injection vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68890"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05239"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002797"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1383"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-77",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002797"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6182"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.6,
        "url": "http://wsa.sophos.com/rn/swa/concepts/releasenotes_4.3.1.2.html"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/97261"
      },
      {
        "trust": 1.8,
        "url": "https://www.exploit-db.com/exploits/42332/"
      },
      {
        "trust": 1.7,
        "url": "https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6182"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6182"
      },
      {
        "trust": 0.3,
        "url": "http://www.splunk.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/78.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05239"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6182"
      },
      {
        "db": "BID",
        "id": "97261"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002797"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1383"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6182"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05239",
        "ident": null
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6182",
        "ident": null
      },
      {
        "db": "BID",
        "id": "97261",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002797",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1383",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6182",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2017-04-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-05239",
        "ident": null
      },
      {
        "date": "2017-03-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-6182",
        "ident": null
      },
      {
        "date": "2017-03-31T00:00:00",
        "db": "BID",
        "id": "97261",
        "ident": null
      },
      {
        "date": "2017-04-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-002797",
        "ident": null
      },
      {
        "date": "2017-03-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-1383",
        "ident": null
      },
      {
        "date": "2017-03-30T17:59:00.213000",
        "db": "NVD",
        "id": "CVE-2017-6182",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2017-04-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-05239",
        "ident": null
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-6182",
        "ident": null
      },
      {
        "date": "2017-04-04T00:02:00",
        "db": "BID",
        "id": "97261",
        "ident": null
      },
      {
        "date": "2017-04-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-002797",
        "ident": null
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-1383",
        "ident": null
      },
      {
        "date": "2024-11-21T03:29:12.130000",
        "db": "NVD",
        "id": "CVE-2017-6182",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1383"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "Sophos Web Appliance Command injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002797"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1383"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "_id": null,
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-1383"
      }
    ],
    "trust": 0.6
  }
}

gsd-2017-6182

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304.

Aliases

CVE-2017-6182

Aliases

CVE-2017-6182

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-6182",
    "description": "In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine\u0027s interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304.",
    "id": "GSD-2017-6182",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2017-6182"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-6182"
      ],
      "details": "In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine\u0027s interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304.",
      "id": "GSD-2017-6182",
      "modified": "2023-12-13T01:21:09.263274Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2017-6182",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine\u0027s interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html",
            "refsource": "CONFIRM",
            "url": "http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html"
          },
          {
            "name": "97261",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/97261"
          },
          {
            "name": "42332",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/42332/"
          },
          {
            "name": "https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2",
            "refsource": "CONFIRM",
            "url": "https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sophos:web_appliance:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.3.1.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-6182"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine\u0027s interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2"
            },
            {
              "name": "http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html",
              "refsource": "CONFIRM",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html"
            },
            {
              "name": "97261",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/97261"
            },
            {
              "name": "42332",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/42332/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2017-03-30T17:59Z"
    }
  }
}

cnvd-2017-05239

Vulnerability from cnvd

Title

Sophos Web Appliance远程命令注入漏洞（CNVD-2017-05239）

Description

Sophos Web Appliance（SWA）是英国Sophos公司的一套Web安全网关产品。该产品支持实时网络威胁防护、自定义Web过滤和动态控制应用程序等。 Sophos Web Appliance（SWA）4.3.1.2之前的版本中存在远程命令注入漏洞。远程攻击者可利用该漏洞注入命令。

Severity

高

Patch Name

Sophos Web Appliance远程命令注入漏洞（CNVD-2017-05239）的补丁

Patch Description

Sophos Web Appliance（SWA）是英国Sophos公司的一套Web安全网关产品。该产品支持实时网络威胁防护、自定义Web过滤和动态控制应用程序等。 Sophos Web Appliance（SWA）4.3.1.2之前的版本中存在远程命令注入漏洞。远程攻击者可利用该漏洞注入命令。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布漏洞修复程序，请及时关注更新： http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html

Reference

http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html http://www.securityfocus.com/bid/97261

Impacted products

Name
Sophos Sophos Web Appliance <4.3.1.2

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "97261"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6182"
    }
  },
  "description": "Sophos Web Appliance\uff08SWA\uff09\u662f\u82f1\u56fdSophos\u516c\u53f8\u7684\u4e00\u5957Web\u5b89\u5168\u7f51\u5173\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u652f\u6301\u5b9e\u65f6\u7f51\u7edc\u5a01\u80c1\u9632\u62a4\u3001\u81ea\u5b9a\u4e49Web\u8fc7\u6ee4\u548c\u52a8\u6001\u63a7\u5236\u5e94\u7528\u7a0b\u5e8f\u7b49\u3002 \r\n\r\nSophos Web Appliance\uff08SWA\uff094.3.1.2\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u8fdc\u7a0b\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u547d\u4ee4\u3002",
  "discovererName": "Russell Sanford, Kapil Khot and Russell Sanford.",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-05239",
  "openTime": "2017-04-24",
  "patchDescription": "Sophos Web Appliance\uff08SWA\uff09\u662f\u82f1\u56fdSophos\u516c\u53f8\u7684\u4e00\u5957Web\u5b89\u5168\u7f51\u5173\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u652f\u6301\u5b9e\u65f6\u7f51\u7edc\u5a01\u80c1\u9632\u62a4\u3001\u81ea\u5b9a\u4e49Web\u8fc7\u6ee4\u548c\u52a8\u6001\u63a7\u5236\u5e94\u7528\u7a0b\u5e8f\u7b49\u3002 \r\n\r\nSophos Web Appliance\uff08SWA\uff094.3.1.2\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u8fdc\u7a0b\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Sophos Web Appliance\u8fdc\u7a0b\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2017-05239\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Sophos Sophos Web Appliance \u003c4.3.1.2"
  },
  "referenceLink": "http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html\r\nhttp://www.securityfocus.com/bid/97261",
  "serverity": "\u9ad8",
  "submitTime": "2017-04-05",
  "title": "Sophos Web Appliance\u8fdc\u7a0b\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2017-05239\uff09"
}

fkie_cve-2017-6182

Vulnerability from fkie_nvd

Published

2017-03-30 17:59

Modified

2025-04-20 01:37

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304.

References

URL	Tags
cve@mitre.org	http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html	Release Notes, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/97261
cve@mitre.org	https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2	Vendor Advisory
cve@mitre.org	https://www.exploit-db.com/exploits/42332/
af854a3a-2127-422b-91ae-364da2661108	http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/97261
af854a3a-2127-422b-91ae-364da2661108	https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/42332/

Impacted products

	Vendor	Product	Version
	sophos	web_appliance	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sophos:web_appliance:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA5CEDA7-BC64-4628-9361-E93033BAEF8A",
              "versionEndIncluding": "4.3.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine\u0027s interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304."
    },
    {
      "lang": "es",
      "value": "En Sophos Web Appliance (SWA) en versiones anteriores a 4.3.1.2, una secci\u00f3n de la interfaz de la m\u00e1quina responsable de generar informes era vulnerable a la inyecci\u00f3n de comandos remotos a trav\u00e9s de funciones, vulnerabilidad tambi\u00e9n conocida como NSWA-1304."
    }
  ],
  "id": "CVE-2017-6182",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-03-30T17:59:00.213",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/97261"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/42332/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/97261"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/42332/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2017-6182 (GCVE-0-2017-6182)

Vulnerability from cvelistv5

ghsa-m6xg-v873-824r

Vulnerability from github

var-201703-1056

Vulnerability from variot

gsd-2017-6182

Vulnerability from gsd

cnvd-2017-05239

Vulnerability from cnvd

fkie_cve-2017-6182

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature