Privoxy < 3.0.22 Multiple Vulnerabilities

Medium Nessus Plugin ID 81086


The remote web proxy is affected by multiple vulnerabilities.


According to its self-identified version number, the Privoxy installed on the remote host is a version prior to 3.0.22. It is, therefore, affected by multiple vulnerabilities:

- A denial of service vulnerability exists due to a memory leak when client connections are rejected when the socket limit has been reached. Note that this issue only affects version 3.0.21 with IPv6 support, which is enabled by default. (CVE-2015-1030)

- Multiple unspecified use-after-free vulnerabilities exist that could lead to arbitrary code execution.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.


Upgrade to version 3.0.22 or later.

See Also

Plugin Details

Severity: Medium

ID: 81086

File Name: privoxy_3_0_22.nasl

Version: 1.4

Type: remote

Family: Firewalls

Published: 2015/01/29

Modified: 2018/03/09

Dependencies: 65947

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:privoxy:privoxy

Required KB Items: www/Privoxy, Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/11/28

Vulnerability Publication Date: 2014/11/28

Reference Information

CVE: CVE-2015-1030, CVE-2015-1031

BID: 71991, 71993

OSVDB: 116842, 116843