漏洞类别:
Web server漏洞等级: 
漏洞信息
Sophos Secure Web Appliance (SWA) works seamlessly with Sophos Secured Windows Endpoints to provide complete web protection for offsite users. The Sophos SWA is prone to Session Fixation and multiple Remote Command Injection vulnerabilities.
Affected Versions:
Sophos Secure Web Appliance prior to version 4.3.1.2
漏洞危害
An authenticated remote attacker could exploit these vulnerabilities to either run system commands remotely or bypass authentication by fixing Session ID.
解决方案
Refer to Release of SWA v4.3.1.2 for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论