CVE-2017-6412

HIGH

Sophos Web Appliance <4.3.1.2 - Session Fixation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-6412. PoCs published by SlidingWindow.

AI-analyzed exploit summary This exploit demonstrates a session fixation vulnerability in Sophos Secure Web Appliance by forcing a pre-authentication session ID via a hidden form submission. The appliance fails to invalidate the pre-login session ID upon successful authentication, allowing an attacker to hijack the session.

Description

In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310.

Exploits (1)

exploitdb WORKING POC VERIFIED
by SlidingWindow · textwebappsphp
https://www.exploit-db.com/exploits/42012

This exploit demonstrates a session fixation vulnerability in Sophos Secure Web Appliance by forcing a pre-authentication session ID via a hidden form submission. The appliance fails to invalidate the pre-login session ID upon successful authentication, allowing an attacker to hijack the session.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Sophos Secure Web Appliance version 4.3.1.1
No auth needed
Prerequisites: Knowledge of the victim's Sophos Web Appliance IP address · Ability to host a malicious webpage accessible to the victim
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Release Notes, Vendor Advisory x_refsource_confirm
http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/97261

Scores

CVSS v3 8.1
EPSS 0.0754
EPSS Percentile 93.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-384
Status published
Products (1)
sophos/web_appliance < 4.3.1.1
Published Mar 30, 2017
Tracked Since Feb 18, 2026