CVE-2016-6597
HIGH
Sophos Mobile Control EAS Proxy < 3.5.0.3 - Open Reverse Proxy via Lotus Traveler
Title source: llm
Description
Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus Traveler is enabled, allows remote attackers to access arbitrary web-resources from the backend mail system via a request for the resource, aka an Open Reverse Proxy vulnerability.
References (4)
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/92351
Various Sources x_refsource_misc
https://www.pallas.com/advisories/sophos_eas_open_reverse_proxy_vulnerability
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/138210/Sophos-Mobile-Control-3.5.0.3-Open-Reverse-Proxy.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/539126/100/0/threaded
Scores
CVSS v3: 8.6
EPSS: 0.0016
EPSS Percentile: 37.0%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Details
CWE: CWE-254
Status: published
Products (1): sophos/mobile_control_eas_proxy < 3.5.0.3
Published: Aug 10, 2016
Tracked Since: Feb 18, 2026