
Sophos fixes vulnerabilities in its Web security appliance

Lucian Constantin | April 5, 2013
The flaws could allow attackers to execute commands with high privileges and read sensitive passwords stored on the product

"The Sophos Email Appliance (v3.7.4.0) had multiple vulnerabilities which in combination could allow the system to be fully compromised, giving an attacker both administrative access to the UI, and a root shell on the underlying operating system," Williams said in the paper. "These included various instances of command injection, XSS with session-hijacking, CSRF, session-fixation, etc."

Sophos addressed those flaws in January 2013, along with other issues discovered during its own security review of the product. Williams commended Sophos for the auto-update feature built into its appliances, which he said is not the norm in products from other vendors.

 
