CVE-2013-4983
Published Sep 10, 2013
Last updated 11 years ago
Overview
- Description
- The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-78
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sophos:web_appliance_firmware:3.7.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1F13FE47-7269-42AF-9601-C04DB5BEF398"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1926B1A8-9B8B-420A-B58B-B55C2687F2E6",
"versionEndIncluding": "3.7.9"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DC8A7150-8264-416C-87DB-E9CDD318A82E"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "57A40D50-1324-459A-81F2-1C57FFCB0206"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA7EB10A-A245-4688-9619-10A98BA5E23F"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A64FCF4B-4BAF-409C-9500-BA729C11C098"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "245AA033-6388-4EB1-84FC-12FD3683F5B9"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CD9AEBAC-E764-4A12-99E5-C643C4BEC88E"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "19FBAC31-D306-4C13-81B0-7EE733EBE258"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DA62F916-6282-40C2-BBF0-0EDAFEE085BC"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2D84BF84-3204-4717-B6E7-3786A52ECB70"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.1.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7B8BE4DA-F1AE-41BF-B062-9D50ACC0B9FA"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DBFA7CD3-3F79-408E-B68F-9EFF382B29E7"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "589BBFA8-3A56-4057-BE9E-EC63AA837CFF"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0C524417-B3CD-46B9-8A59-C489170E264E"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E5111B15-366D-4B8E-946C-5E294907B399"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7A1F32D9-BAA5-420D-AE0D-4E64320DB004"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E93E2D4E-15A7-41BB-9F9E-162CEB797B9B"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E1090659-0F39-4E89-AA83-699549471839"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4FBBFF84-0C64-4B50-AAA4-02A5B41F1C46"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7DAD5CD0-9B52-4FF2-B1E2-BA2223073893"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F9132766-CAD5-4BE4-8E11-80251C28A974"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "402C91F9-5FAF-4A1E-8350-799F825B2E95"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E69BED8D-1A92-4384-8BB4-5822FC69E29A"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2574CFB6-D3F2-41F0-88A4-152BD2F42427"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "72589AEB-DE8A-4385-BBA9-D6B8A74AFC87"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "934B4C03-1B9A-4B83-A396-1A44BCA8C1BE"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "08CC0060-A20C-4769-BA3F-43EDC8DAC750"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9DED9963-61AE-44C6-AC73-0F1AD82E34CE"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6D078EE8-828A-4852-835A-CEC103A23A40"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8F1F9D52-CFEA-41B1-8477-1FF06FFB3EAD"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3BEAE73E-5B43-48E9-A048-143F58FBC784"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2F23A049-F7D3-4CC0-B75D-A65D2151E265"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.6.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2B8E4724-F49B-4C1B-9879-7DFC23E12F2F"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "77EEB883-CF36-4274-B5C6-C83CB6C237A3"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A3063D8C-6CBE-4929-BBB8-5D6AB935DF55"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DC4BB573-434C-48C6-9C25-FD804FB4AAA4"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "54365D65-F2D6-423E-B3D3-B69C432A0CB6"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "57AFF87D-4DC8-42C1-9DAF-99A85D753D22"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "240B178F-4BE5-4778-AFEB-9BA53B866E01"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "89E03D20-3D0F-4BAC-8A30-3464F3C811E4"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "69C112DE-1BC2-434F-B68D-EFE043A79FB0"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "49558797-D233-499D-85D8-AF8DEF667448"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E3FF0A14-F791-4E03-B70A-C622824D49C7"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E1BDFF3F-3FD2-4E20-9D1F-19186CD83611"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0EAC1965-4E62-4DBF-AF18-ABFA7A3F54B4"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4F8573D8-DD6E-49C6-9AE8-A92880367435"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C8B9976F-5CC8-4FAF-AAAA-CE5E3B99AF7A"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C92D31A8-8DCE-4FE2-8816-FB6D43575DE6"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "572BC9FF-8BC2-4839-88B1-E675A39AFF72"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2ED348A0-8645-48FD-8851-B803C4220BEB"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0F7FC1C8-97BE-41DC-A81D-F8950D6716BB"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "171D7FA2-8DBB-436A-B963-D6A02707C0E1"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "83C13E74-8583-446C-9EC9-0E97CE383619"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "507DBEDA-F5BA-4FA4-BE81-29A648058B1B"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4C4B04F3-0306-4CDB-BE6B-648F37CB9722"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4BE5DBC9-FD14-4BB8-9BE5-859216819D10"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3FE153D0-69DC-4724-9119-B8EF06A24404"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.2.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "51E7297E-81EF-49BE-85F0-79CCF1B4BB61"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.2.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F97C2079-150D-4CE0-909B-5B106F66E265"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "049E873D-0E1B-4AA1-AFF7-5738A3DD145C"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CEE97EF8-DC5C-460C-AA8B-6C7E86F2143B"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BC3242A2-FB0F-45DE-B362-3EC65FD360E6"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "15E53E03-EC8A-4B83-A91B-44B2C96B5CA2"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F5347976-394B-42F9-A0B9-D63DCAC8719B"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5456C566-9473-4665-8CDD-D795CA6369A9"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2EC57EEC-5D83-4640-B625-BDB9BF8148C5"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "14EEEB2D-2973-4C72-8445-6B51CB6D05A1"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "74D9F811-E875-4DE9-9F35-C3540FCCBFF2"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D8D587EB-200C-4979-B2C7-578F0BC5FD38"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "230DD33A-0D47-4B64-BDA9-5A28814E113F"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "827687F6-E29A-4D87-8C44-8EC91FF2F1D8"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.8.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9DDB0A27-9E8A-4169-A874-3ACDDE105CA1"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.8.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "178F7104-4BDC-43A1-ADCB-4B5E1879A67B"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8BB8C9E0-6E62-48FA-9E55-489FE073E996"
},
{
"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.8.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0B249C69-5FCA-4B1A-8D58-B32B2F45FB7A"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sophos:web_appliance:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "37CBAA36-B58B-4D52-B674-E795290D42EE"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]