Hi Community,
what do you think about this?
noxxi.de/.../sophos-utm-webprotection-bypass2.html
My point of view is, that sophos could at least mention the researches that provided information to caveats, thats the minimum of appreciation the could provide. The information in the changelog regarding the technical background could be more accurate!
The other thing is (quite not an easy decision) the question (yes/no) to tell the customers/resellers, that the product IS vulerable to certain techniques/websites and that the security features can be bypassed in a pretty simple way. As such possibilites are already known in public, I think a vendor should care about this. I don´t feel good to get to know about such things somewhere, but not on the vendors site. Maybe Sophos already discussed this in public, but so far I didn´t get to know about that.
As I can extract from the text, at least the "Bypass Using Invalid Headers" Vulnerability is still open...
My question @Sophos: What do you know about this and what are you doing regarding this problem?
Regards
Sebastian
This thread was automatically locked due to age.
