Sophos Web Protection Appliance patience.cgi 'id' Parameter Directory Traversal

medium Nessus Plugin ID 65874

Synopsis

The remote host is running a web application that is affected by a directory traversal vulnerability.

Description

The Sophos Web Protection application running on the remote host is affected by a directory traversal vulnerability in the patience.cgi script due to improper sanitization of user-supplied input passed to the 'id' parameter. An unauthenticated, remote attacker can exploit this to retrieve arbitrary files from the remote host subject to the privileges of the user running the web server.

Note that the application is reportedly affected by additional vulnerabilities; however, this plugin has not tested for them.

Solution

Upgrade to Sophos Web Protection Appliance version 3.7.8.2 or later.

See Also

http://www.nessus.org/u?4aac7176

Plugin Details

Severity: Medium

ID: 65874

File Name: sophos_web_protection_dir_traversal.nasl

Version: 1.16

Type: remote

Family: CGI abuses

Published: 4/9/2013

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.9

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:sophos:web_appliance, x-cpe:/a:sophos:sophos_web_protection

Required KB Items: installed_sw/sophos_web_protection

Exploit Available: true

Exploit Ease: No exploit is required

Exploited by Nessus: true

Patch Publication Date: 4/1/2013

Vulnerability Publication Date: 4/3/2013

Exploitable With

Elliot (Sophos Web Protection Appliance 3.7.8.1 RCE)

Reference Information

CVE: CVE-2013-2641

BID: 58833