Directory Traversal Vulnerability in Sophos Web Appliance
CVE-2013-2641

Currently unrated

Key Information:

Vendor: Sophos
Status: Web Appliance Firmware; Web Appliance
Vendor: CVE Published:; 18 March 2014

Summary

A directory traversal vulnerability exists in the 'patience.cgi' script of Sophos Web Appliance, allowing remote attackers to exploit the 'id' parameter. This flaw could lead to unauthorized reading of sensitive files on the system, creating significant security risks. Users of affected versions, specifically those prior to 3.7.8.2, are urged to apply the latest updates and enhance their system defenses.

References

https://www.sec-consult.com/fxdata/seccons/prod/temedia/a...

x_refsource_MISC

http://www.sophos.com/en-us/support/knowledgebase/118969....

x_refsource_CONFIRM

EPSS Score

75% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 18, 2014
Vulnerability Reserved
Mar 22, 2013