The Sophos ES1000 Email Security Appliance delivers "protection against spam, viruses, Trojans, spyware and other malware. Sophos's award-winning anti-virus engine detects all types of malware in a single, high-speed scan. Every Sophos appliance is updated with new protection intelligence every 5 minutes". During an audit of the Sophos ES1000 Email Security Appliance, a cross-site scripting (XSS) vulnerability was discovered in its web administration interface. The administration web interface is available on the public network interface, over HTTPS on port 18080.
Credit:
The information has been provided by Leon Juranic.
The original article can be found at: http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-02-13
Vulnerable Systems:
* Sophos ES1000 version 2.1.0.0 and prior
* Sophos ES4000 version 2.1.0.0 and prior
Immune Systems:
* Sophos ES1000 version 2.1.1.0
* Sophos ES4000 version 2.1.1.0
Lack of input validation for the 'error' and 'go' parameters of the 'Login' script allows injection of malicious JavaScript code.
https://192.168.0.10:18080/Login?logout=0&error=<INJECTION>&go=<INJECTION>
This can be exploited by a malicious user to steal Sophos ES1000 Email Security Appliance administrator credentials and shut down the appliance or change its configuration.
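A defender-side check for the requests described above, as an added example that is not part of the original advisory: it scans web access logs for /Login requests whose 'error' or 'go' values contain HTML markup characters after URL decoding. The common log format, the set of flagged characters and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Heuristic: characters that let a value break out of HTML text or attributes.
MARKUP = re.compile(r"[<>\"'`]")
WATCHED = ("error", "go")  # parameters named in the advisory
# Assumption: requests are logged in common log format.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding, e.g. %253C -> %3C -> <."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(url):
    """Return the watched Login parameters whose values carry markup."""
    parts = urlsplit(url)
    if parts.path.rstrip("/") != "/Login":
        return []
    query = parse_qs(parts.query, keep_blank_values=True)
    return [name for name in WATCHED
            if any(MARKUP.search(fully_decode(v)) for v in query.get(name, []))]

def scan(lines):
    """Yield (line_number, [parameter names]) for each flagged log line."""
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        hits = suspicious_params(m.group(1)) if m else []
        if hits:
            yield n, hits

# Constructed sample lines, not taken from a real appliance.
SAMPLE = [
    '10.0.0.5 - - [13/Feb/2008:10:00:01 +0000] "GET /Login?logout=0&error=1&go=/status HTTP/1.1" 200 512',
    '10.0.0.9 - - [13/Feb/2008:10:00:07 +0000] "GET /Login?logout=0&error=%3Cb%3Ex%3C%2Fb%3E&go=/status HTTP/1.1" 200 530',
    '10.0.0.9 - - [13/Feb/2008:10:00:09 +0000] "GET /Login?logout=0&error=1&go=%2522%253E HTTP/1.1" 200 530',
    '10.0.0.7 - - [13/Feb/2008:10:00:12 +0000] "GET /Status?error=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for lineno, params in scan(SAMPLE):
        print(f"line {lineno}: markup in {', '.join(params)}")
```

The nested decoding catches double-encoded values such as the third sample line, which a single decode pass would leave looking harmless.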
Fix:
This vulnerability has been fixed in Sophos Email Appliance version 2.1.1.0 and above, available automatically to Sophos' customers between 14-21 February 2008. More information at http://www.sophos.com/support/knowledgebase/article/34733.html
Vendor status:
28.01.2008 - Initial contact, automated response
04.02.2008 - Repeated contact
06.02.2008 - Vendor response
07.02.2008 - Vendor status update
08.02.2008 - Vendor status update
13.02.2008 - Vendor status update
14.02.2008 - Fix available
15.02.2008 - Coordinated public disclosure