CVE-2017-6412

HIGH

Sophos Web Appliance <4.3.1.2 - Session Fixation

Title source: llm
STIX 2.1

Description

In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310.

Exploits (1)

exploitdb WORKING POC VERIFIED
by SlidingWindow · textwebappsphp
https://www.exploit-db.com/exploits/42012

References (4)

Core 4
Core References
Release Notes, Vendor Advisory x_refsource_confirm
http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/97261

Scores

CVSS v3 8.1
EPSS 0.0079
EPSS Percentile 74.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-384
Status published
Products (1)
sophos/web_appliance < 4.3.1.1
Published Mar 30, 2017
Tracked Since Feb 18, 2026