Privoxy < 3.0.22 Multiple Vulnerabilities
Medium Nessus Plugin ID 81086
SynopsisThe remote web proxy is affected by multiple vulnerabilities.
DescriptionAccording to its self-identified version number, the Privoxy installed on the remote host is a version prior to 3.0.22. It is, therefore, affected by multiple vulnerabilities:
- A denial of service vulnerability exists due to a memory leak when client connections are rejected when the socket limit has been reached. Note that this issue only affects version 3.0.21 with IPv6 support, which is enabled by default. (CVE-2015-1030)
- Multiple unspecified use-after-free vulnerabilities exist that could lead to arbitrary code execution.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
SolutionUpgrade to version 3.0.22 or later.