Privoxy < 3.0.22 Multiple Vulnerabilities

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote web proxy is affected by multiple vulnerabilities.

Description :

According to its self-identified version number, the version of Privoxy
installed on the remote host is prior to 3.0.22. It is, therefore,
affected by multiple vulnerabilities:

- A denial of service vulnerability exists due to a
memory leak that occurs when client connections are
rejected once the socket limit has been reached. Note
that this issue only affects version 3.0.21 with IPv6
support, which is enabled by default. (CVE-2015-1030)

- Multiple unspecified use-after-free vulnerabilities
exist that could lead to arbitrary code execution.
(CVE-2015-1031)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

http://sourceforge.net/p/ijbswa/mailman/message/33089172/

Solution :

Upgrade to version 3.0.22 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Firewalls

Nessus Plugin ID: 81086

Bugtraq ID: 71991, 71993

CVE ID: CVE-2015-1030, CVE-2015-1031
