CVE-2013-2641

Sophos Web Appliance <3.7.8.2 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-2641. PoCs published by Wolfgang Ettlingers, juan vazquez, including Metasploit module auxiliary/admin/http/sophos_wpa_traversal.

AI-analyzed exploit summary This advisory details multiple vulnerabilities in Sophos Web Protection Appliance, including unauthenticated local file disclosure, OS command injection, and reflected XSS. It provides technical analysis, proof-of-concept URLs, and HTTP request examples for exploitation.

Description

Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter.

Exploits (2)

exploitdb WRITEUP

webappslinux

https://www.exploit-db.com/exploits/24932

View Code ZIP pw:eip

This advisory details multiple vulnerabilities in Sophos Web Protection Appliance, including unauthenticated local file disclosure, OS command injection, and reflected XSS. It provides technical analysis, proof-of-concept URLs, and HTTP request examples for exploitation.

Classification

Writeup 100%

Attack Type

Info Leak | Rce | Xss

Complexity

Moderate

Reliability

Reliable

Target: Sophos Web Protection Appliance <= 3.7.8.1

No auth needed

Prerequisites: Network access to the appliance · Valid session ID for authenticated exploits

MITRE ATT&CK

T1005 - Data from Local System T1059 - Command and Scripting Interpreter T1059.004 - Unix Shell T1059.007 - JavaScript T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 19, 2026 Full analysis →

metasploit WORKING POC

by Wolfgang Ettlingers, juan vazquez · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/sophos_wpa_traversal.rb

View Code ZIP pw:eip

This Metasploit module exploits a directory traversal vulnerability in Sophos Web Protection Appliance via the /cgi-bin/patience.cgi component. It allows unauthorized file retrieval by manipulating the 'id' parameter with traversal sequences.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Sophos Web Protection Appliance v3.7.0

No auth needed

Prerequisites: Network access to the target appliance · Vulnerable Sophos Web Protection Appliance with exposed CGI interface

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit x_refsource_misc

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt

Vendor Advisory x_refsource_confirm

http://www.sophos.com/en-us/support/knowledgebase/118969.aspx

Scores

EPSS 0.8235

EPSS Percentile 99.2%

Details

CWE

CWE-22

Status published

Products (2)

sophos/web_appliance

sophos/web_appliance_firmware < 3.7.8.1

Published Mar 18, 2014

Tracked Since Feb 18, 2026