fkie_cve-2013-4983
Vulnerability from fkie_nvd
Published
2013-09-10 11:28
Modified
2025-04-11 00:51
Severity ?
Summary
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sophos:web_appliance_firmware:3.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1F13FE47-7269-42AF-9601-C04DB5BEF398",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1926B1A8-9B8B-420A-B58B-B55C2687F2E6",
"versionEndIncluding": "3.7.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8A7150-8264-416C-87DB-E9CDD318A82E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57A40D50-1324-459A-81F2-1C57FFCB0206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA7EB10A-A245-4688-9619-10A98BA5E23F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A64FCF4B-4BAF-409C-9500-BA729C11C098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "245AA033-6388-4EB1-84FC-12FD3683F5B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CD9AEBAC-E764-4A12-99E5-C643C4BEC88E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "19FBAC31-D306-4C13-81B0-7EE733EBE258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA62F916-6282-40C2-BBF0-0EDAFEE085BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2D84BF84-3204-4717-B6E7-3786A52ECB70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8BE4DA-F1AE-41BF-B062-9D50ACC0B9FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DBFA7CD3-3F79-408E-B68F-9EFF382B29E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "589BBFA8-3A56-4057-BE9E-EC63AA837CFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0C524417-B3CD-46B9-8A59-C489170E264E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E5111B15-366D-4B8E-946C-5E294907B399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A1F32D9-BAA5-420D-AE0D-4E64320DB004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E93E2D4E-15A7-41BB-9F9E-162CEB797B9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E1090659-0F39-4E89-AA83-699549471839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4FBBFF84-0C64-4B50-AAA4-02A5B41F1C46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7DAD5CD0-9B52-4FF2-B1E2-BA2223073893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9132766-CAD5-4BE4-8E11-80251C28A974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "402C91F9-5FAF-4A1E-8350-799F825B2E95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E69BED8D-1A92-4384-8BB4-5822FC69E29A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2574CFB6-D3F2-41F0-88A4-152BD2F42427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72589AEB-DE8A-4385-BBA9-D6B8A74AFC87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "934B4C03-1B9A-4B83-A396-1A44BCA8C1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08CC0060-A20C-4769-BA3F-43EDC8DAC750",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DED9963-61AE-44C6-AC73-0F1AD82E34CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6D078EE8-828A-4852-835A-CEC103A23A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8F1F9D52-CFEA-41B1-8477-1FF06FFB3EAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3BEAE73E-5B43-48E9-A048-143F58FBC784",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2F23A049-F7D3-4CC0-B75D-A65D2151E265",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B8E4724-F49B-4C1B-9879-7DFC23E12F2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "77EEB883-CF36-4274-B5C6-C83CB6C237A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3063D8C-6CBE-4929-BBB8-5D6AB935DF55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC4BB573-434C-48C6-9C25-FD804FB4AAA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "54365D65-F2D6-423E-B3D3-B69C432A0CB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57AFF87D-4DC8-42C1-9DAF-99A85D753D22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "240B178F-4BE5-4778-AFEB-9BA53B866E01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "89E03D20-3D0F-4BAC-8A30-3464F3C811E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "69C112DE-1BC2-434F-B68D-EFE043A79FB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "49558797-D233-499D-85D8-AF8DEF667448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E3FF0A14-F791-4E03-B70A-C622824D49C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E1BDFF3F-3FD2-4E20-9D1F-19186CD83611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0EAC1965-4E62-4DBF-AF18-ABFA7A3F54B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4F8573D8-DD6E-49C6-9AE8-A92880367435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8B9976F-5CC8-4FAF-AAAA-CE5E3B99AF7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C92D31A8-8DCE-4FE2-8816-FB6D43575DE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "572BC9FF-8BC2-4839-88B1-E675A39AFF72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2ED348A0-8645-48FD-8851-B803C4220BEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F7FC1C8-97BE-41DC-A81D-F8950D6716BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "171D7FA2-8DBB-436A-B963-D6A02707C0E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83C13E74-8583-446C-9EC9-0E97CE383619",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "507DBEDA-F5BA-4FA4-BE81-29A648058B1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4C4B04F3-0306-4CDB-BE6B-648F37CB9722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BE5DBC9-FD14-4BB8-9BE5-859216819D10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3FE153D0-69DC-4724-9119-B8EF06A24404",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51E7297E-81EF-49BE-85F0-79CCF1B4BB61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F97C2079-150D-4CE0-909B-5B106F66E265",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "049E873D-0E1B-4AA1-AFF7-5738A3DD145C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CEE97EF8-DC5C-460C-AA8B-6C7E86F2143B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3242A2-FB0F-45DE-B362-3EC65FD360E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "15E53E03-EC8A-4B83-A91B-44B2C96B5CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5347976-394B-42F9-A0B9-D63DCAC8719B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5456C566-9473-4665-8CDD-D795CA6369A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2EC57EEC-5D83-4640-B625-BDB9BF8148C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "14EEEB2D-2973-4C72-8445-6B51CB6D05A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "74D9F811-E875-4DE9-9F35-C3540FCCBFF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D587EB-200C-4979-B2C7-578F0BC5FD38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "230DD33A-0D47-4B64-BDA9-5A28814E113F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "827687F6-E29A-4D87-8C44-8EC91FF2F1D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DDB0A27-9E8A-4169-A874-3ACDDE105CA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "178F7104-4BDC-43A1-ADCB-4B5E1879A67B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8BB8C9E0-6E62-48FA-9E55-489FE073E996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B249C69-5FCA-4B1A-8D58-B32B2F45FB7A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sophos:web_appliance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37CBAA36-B58B-4D52-B674-E795290D42EE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php."
},
{
"lang": "es",
"value": "La funci\u00f3n get_referers en /opt/ws/bin/sblistpack de Sophos Web Appliance anterior a 3.7.9.1 y 3.8 (anterior a 3.8.1.1) permite a un atacante remoto ejecutar comandos a discrecci\u00f3n a trav\u00e9s de metacaracteres shell en el parametro dominio de end-user/index.php"
}
],
"id": "CVE-2013-4983",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-09-10T11:28:40.997",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-vulnerabilities"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/119773.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.sophos.com/en-us/support/knowledgebase/119773.aspx"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…