TorK Multiple Privoxy Insecure Default Configuration Vulnerabilities
BID:26386
Info
TorK Multiple Privoxy Insecure Default Configuration Vulnerabilities
| Bugtraq ID: | 26386 |
| Class: | Configuration Error |
| CVE: |
CVE-2007-6722 CVE-2007-6723 CVE-2007-6724 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 08 2007 12:00AM |
| Updated: | Jul 05 2016 10:00PM |
| Credit: | This issue was disclosed by the vendor. |
| Vulnerable: |
TorK TorK 0.21 Tor Vidalia 0 |
| Not Vulnerable: |
TorK TorK 0.22 Tor Vidalia 0.1.2.18 |
Discussion
TorK Multiple Privoxy Insecure Default Configuration Vulnerabilities
TorK is prone to multiple insecure-configuration vulnerabilities because of several default configuration options used by the Privoxy web proxy server.
Attackers can exploit these issues to bypass proxy filter rules or modify user-defined configuration values.
These issues affect versions prior to TorK 0.22.
TorK is prone to multiple insecure-configuration vulnerabilities because of several default configuration options used by the Privoxy web proxy server.
Attackers can exploit these issues to bypass proxy filter rules or modify user-defined configuration values.
These issues affect versions prior to TorK 0.22.
Exploit / POC
TorK Multiple Privoxy Insecure Default Configuration Vulnerabilities
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
TorK Multiple Privoxy Insecure Default Configuration Vulnerabilities
Solution:
The vendor has supplied an update to address these issues. Please see the references for more information.
TorK TorK 0.21
Solution:
The vendor has supplied an update to address these issues. Please see the references for more information.
TorK TorK 0.21
References
TorK Multiple Privoxy Insecure Default Configuration Vulnerabilities
References:
References:
- Insecure Privoxy Configuration in Vidalia Bundles Prior to 0.1.2.18 (Gregory Fleischer (Lists))
- Privoxy Homepage (Privoxy)
- Tor Homepage (Tor Project)
- TorK Homepage (TorK)
- TorK Release Notes (TorK)