CVE-2016-3968

Name of the Vulnerable Software and Affected Versions Sophos Cyberoam CR100iNG UTM appliance version 10.6.3 MR-1 build 503 Sophos Cyberoam CR35iNG UTM appliance versions 10.6.2 MR-1 build 383 through 10.6.2 Build 378

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via several parameters, including the ipFamily parameter to "corporate/webpages/trafficdiscovery/LiveConnections.jsp", the ipFamily, applicationname, or username parameters to "corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp", or the X-Forwarded-For HTTP header.

Recommendations For Sophos Cyberoam CR100iNG UTM appliance version 10.6.3 MR-1 build 503, avoid using the ipFamily parameter in the "corporate/webpages/trafficdiscovery/LiveConnections.jsp" endpoint until the issue is resolved. For Sophos Cyberoam CR35iNG UTM appliance versions 10.6.2 MR-1 build 383 through 10.6.2 Build 378, restrict access to the "corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp" endpoint and avoid using the ipFamily, applicationname, or username parameters until a fix is available. As a temporary workaround, consider restricting the X-Forwarded-For HTTP header to minimize the risk of exploitation.