Signature Detail

Short Name	APP:SOPHOS-WEBAPP-CMDEXEC-SSL
Severity	High
Recommended	Yes
Recommended Action	Drop
Category	APP
Keywords	Sophos Web Appliance SophosConfig Arbitrary Command Execution (SSL)
Release Date	2014/05/22
Update Number	2376
Supported Platforms	idp-4.0+, isg-3.4+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

APP: Sophos Web Appliance SophosConfig Arbitrary Command Execution (SSL)

This signature detects attempts to exploit a known vulnerability in Sophos Web Appliance. A successful attack could allow the attacker to execute arbitrary commands with elevated privileges.

References

BugTraq: 66734
CVE: CVE-2014-2850
URL: http://www.zerodayinitiative.com/advisories/zdi-14-069/
URL: http://www.sophos.com/en-us/support/knowledgebase/120230.aspx

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

APP: Sophos Web Appliance SophosConfig Arbitrary Command Execution (SSL)

References