CVE-2013-4983

{"id": "CVE-2013-4983", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-09-10T11:28:40.997", "references": [{"url": "http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-vulnerabilities", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.sophos.com/en-us/support/knowledgebase/119773.aspx", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-vulnerabilities", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.sophos.com/en-us/support/knowledgebase/119773.aspx", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php."}, {"lang": "es", "value": "La funci\u00f3n get_referers en /opt/ws/bin/sblistpack de Sophos Web Appliance anterior a 3.7.9.1 y 3.8 (anterior a 3.8.1.1) permite a un atacante remoto ejecutar comandos a discrecci\u00f3n a trav\u00e9s de metacaracteres shell en el parametro dominio de end-user/index.php"}], "lastModified": "2024-11-21T01:56:50.770", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sophos:web_appliance_firmware:3.7.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F13FE47-7269-42AF-9601-C04DB5BEF398"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1926B1A8-9B8B-420A-B58B-B55C2687F2E6", "versionEndIncluding": "3.7.9"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC8A7150-8264-416C-87DB-E9CDD318A82E"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57A40D50-1324-459A-81F2-1C57FFCB0206"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA7EB10A-A245-4688-9619-10A98BA5E23F"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A64FCF4B-4BAF-409C-9500-BA729C11C098"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "245AA033-6388-4EB1-84FC-12FD3683F5B9"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD9AEBAC-E764-4A12-99E5-C643C4BEC88E"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19FBAC31-D306-4C13-81B0-7EE733EBE258"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.0.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA62F916-6282-40C2-BBF0-0EDAFEE085BC"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D84BF84-3204-4717-B6E7-3786A52ECB70"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B8BE4DA-F1AE-41BF-B062-9D50ACC0B9FA"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBFA7CD3-3F79-408E-B68F-9EFF382B29E7"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "589BBFA8-3A56-4057-BE9E-EC63AA837CFF"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C524417-B3CD-46B9-8A59-C489170E264E"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5111B15-366D-4B8E-946C-5E294907B399"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A1F32D9-BAA5-420D-AE0D-4E64320DB004"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E93E2D4E-15A7-41BB-9F9E-162CEB797B9B"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1090659-0F39-4E89-AA83-699549471839"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FBBFF84-0C64-4B50-AAA4-02A5B41F1C46"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DAD5CD0-9B52-4FF2-B1E2-BA2223073893"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9132766-CAD5-4BE4-8E11-80251C28A974"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "402C91F9-5FAF-4A1E-8350-799F825B2E95"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E69BED8D-1A92-4384-8BB4-5822FC69E29A"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2574CFB6-D3F2-41F0-88A4-152BD2F42427"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72589AEB-DE8A-4385-BBA9-D6B8A74AFC87"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "934B4C03-1B9A-4B83-A396-1A44BCA8C1BE"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08CC0060-A20C-4769-BA3F-43EDC8DAC750"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DED9963-61AE-44C6-AC73-0F1AD82E34CE"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D078EE8-828A-4852-835A-CEC103A23A40"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F1F9D52-CFEA-41B1-8477-1FF06FFB3EAD"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BEAE73E-5B43-48E9-A048-143F58FBC784"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F23A049-F7D3-4CC0-B75D-A65D2151E265"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.3.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B8E4724-F49B-4C1B-9879-7DFC23E12F2F"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77EEB883-CF36-4274-B5C6-C83CB6C237A3"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3063D8C-6CBE-4929-BBB8-5D6AB935DF55"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC4BB573-434C-48C6-9C25-FD804FB4AAA4"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54365D65-F2D6-423E-B3D3-B69C432A0CB6"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57AFF87D-4DC8-42C1-9DAF-99A85D753D22"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "240B178F-4BE5-4778-AFEB-9BA53B866E01"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89E03D20-3D0F-4BAC-8A30-3464F3C811E4"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69C112DE-1BC2-434F-B68D-EFE043A79FB0"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49558797-D233-499D-85D8-AF8DEF667448"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.4.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3FF0A14-F791-4E03-B70A-C622824D49C7"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1BDFF3F-3FD2-4E20-9D1F-19186CD83611"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EAC1965-4E62-4DBF-AF18-ABFA7A3F54B4"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F8573D8-DD6E-49C6-9AE8-A92880367435"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8B9976F-5CC8-4FAF-AAAA-CE5E3B99AF7A"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C92D31A8-8DCE-4FE2-8816-FB6D43575DE6"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "572BC9FF-8BC2-4839-88B1-E675A39AFF72"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2ED348A0-8645-48FD-8851-B803C4220BEB"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F7FC1C8-97BE-41DC-A81D-F8950D6716BB"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "171D7FA2-8DBB-436A-B963-D6A02707C0E1"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83C13E74-8583-446C-9EC9-0E97CE383619"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "507DBEDA-F5BA-4FA4-BE81-29A648058B1B"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C4B04F3-0306-4CDB-BE6B-648F37CB9722"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BE5DBC9-FD14-4BB8-9BE5-859216819D10"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FE153D0-69DC-4724-9119-B8EF06A24404"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.2.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51E7297E-81EF-49BE-85F0-79CCF1B4BB61"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.2.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F97C2079-150D-4CE0-909B-5B106F66E265"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "049E873D-0E1B-4AA1-AFF7-5738A3DD145C"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEE97EF8-DC5C-460C-AA8B-6C7E86F2143B"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC3242A2-FB0F-45DE-B362-3EC65FD360E6"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.6.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15E53E03-EC8A-4B83-A91B-44B2C96B5CA2"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5347976-394B-42F9-A0B9-D63DCAC8719B"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5456C566-9473-4665-8CDD-D795CA6369A9"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EC57EEC-5D83-4640-B625-BDB9BF8148C5"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14EEEB2D-2973-4C72-8445-6B51CB6D05A1"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74D9F811-E875-4DE9-9F35-C3540FCCBFF2"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8D587EB-200C-4979-B2C7-578F0BC5FD38"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "230DD33A-0D47-4B64-BDA9-5A28814E113F"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "827687F6-E29A-4D87-8C44-8EC91FF2F1D8"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DDB0A27-9E8A-4169-A874-3ACDDE105CA1"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.7.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "178F7104-4BDC-43A1-ADCB-4B5E1879A67B"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BB8C9E0-6E62-48FA-9E55-489FE073E996"}, {"criteria": "cpe:2.3:o:sophos:web_appliance_firmware:3.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B249C69-5FCA-4B1A-8D58-B32B2F45FB7A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sophos:web_appliance:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "37CBAA36-B58B-4D52-B674-E795290D42EE"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}