Vulnerability Description
TorK before 0.22, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Anonymityanywhere | Tork | 0.22 |
| Apple | Mac Os X | All versions |
| Microsoft | Windows | All versions |
Related Weaknesses (CWE)
References
- http://archives.seul.org/or/talk/Oct-2007/msg00291.htmlExploit
- http://archives.seul.org/or/talk/Oct-2007/msg00296.html
- http://sourceforge.net/project/shownotes.php?release_id=551544&group_id=159836
- http://www.osvdb.org/48694
- http://www.securityfocus.com/bid/26386Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42280
- http://archives.seul.org/or/talk/Oct-2007/msg00291.htmlExploit
- http://archives.seul.org/or/talk/Oct-2007/msg00296.html
- http://sourceforge.net/project/shownotes.php?release_id=551544&group_id=159836
- http://www.osvdb.org/48694
- http://www.securityfocus.com/bid/26386Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42280
FAQ
What is CVE-2007-6723?
CVE-2007-6723 is a vulnerability with a CVSS score of 4.3 (MEDIUM). TorK before 0.22, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions se...
How severe is CVE-2007-6723?
CVE-2007-6723 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-6723?
Check the references section above for vendor advisories and patch information. Affected products include: Anonymityanywhere Tork, Apple Mac Os X, Microsoft Windows.