Sophos UTM Cross-Site Scripting and Buffer Overflow Vulnerabilities

ID: IRCAD2012112314
Release Date: 2012-11-19
Criticality level: Highly critical
 
Software:
Sophos UTM 9.x
 
Description:
Some vulnerabilities have been reported in Sophos UTM, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.
1) The appliance bundles a vulnerable version of Exim.
2) Certain unspecified input related to the WebAdmin login screen and "Last Webadmin Sessions" is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
The vulnerabilities have been reported in versions prior to 9.004.
 
Solution:
Update to version 9.004.
 
References:
 
Secunia:
 
 


 
Creation date: 30 Aban 1391
