CVE-2016-6597 - 7PK - Security Features vulnerability in Sophos Mobile Control EAS Proxy 3.5.0.3

047910
CVSS 8.6 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
network
low complexity
sophos
CWE-254

Summary

Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus Traveler is enabled, allows remote attackers to access arbitrary web-resources from the backend mail system via a request for the resource, aka an Open Reverse Proxy vulnerability.

Vulnerable Configurations

Part: Application
Description: Sophos
Count: 1

Common Weakness Enumeration (CWE)

Packetstorm

data source: https://packetstormsecurity.com/files/download/138210/sophosmobilecontrol-openproxy.txt
id: PACKETSTORM:138210
last seen: 2016-12-05
published: 2016-08-05
reporter: Tim Kretschmann
source: https://packetstormsecurity.com/files/138210/Sophos-Mobile-Control-3.5.0.3-Open-Reverse-Proxy.html
title: Sophos Mobile Control 3.5.0.3 Open Reverse Proxy