CVE-2007-6724 - Vulnerability Details - OpenCVE

Vidalia bundle before 0.1.2.18, when running on Windows, installs Privoxy with a configuration file (config.txt or config) that contains an insecure enable-remote-http-toggle setting, which allows remote attackers to bypass intended access restrictions and modify configuration.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows
Vidalia-project	Vidalia Bundle

Configuration 1 [-]

AND

cpe:2.3:a:vidalia-project:vidalia_bundle:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://archives.seul.org/or/talk/Oct-2007/msg00291.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/50474

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-03-31T17:00:00

Updated: 2024-08-07T16:18:20.454Z

Reserved: 2009-03-31T00:00:00

Link: CVE-2007-6724

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-03-31T17:30:00.343

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-6724

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-31T00:00:00", "descriptions": [{"lang": "en", "value": "Vidalia bundle before 0.1.2.18, when running on Windows, installs Privoxy with a configuration file (config.txt or config) that contains an insecure enable-remote-http-toggle setting, which allows remote attackers to bypass intended access restrictions and modify configuration."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[or-talk] 20071031 Insecure Privoxy Configuration in Vidalia Bundles Prior to 0.1.2.18", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://archives.seul.org/or/talk/Oct-2007/msg00291.html"}, {"name": "vidalia-enableremotehttptoggle-sec-bypass(50474)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50474"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6724", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Vidalia bundle before 0.1.2.18, when running on Windows, installs Privoxy with a configuration file (config.txt or config) that contains an insecure enable-remote-http-toggle setting, which allows remote attackers to bypass intended access restrictions and modify configuration."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[or-talk] 20071031 Insecure Privoxy Configuration in Vidalia Bundles Prior to 0.1.2.18", "refsource": "MLIST", "url": "http://archives.seul.org/or/talk/Oct-2007/msg00291.html"}, {"name": "vidalia-enableremotehttptoggle-sec-bypass(50474)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50474"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T16:18:20.454Z"}, "title": "CVE Program Container", "references": [{"name": "[or-talk] 20071031 Insecure Privoxy Configuration in Vidalia Bundles Prior to 0.1.2.18", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://archives.seul.org/or/talk/Oct-2007/msg00291.html"}, {"name": "vidalia-enableremotehttptoggle-sec-bypass(50474)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50474"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-6724", "datePublished": "2009-03-31T17:00:00", "dateReserved": "2009-03-31T00:00:00", "dateUpdated": "2024-08-07T16:18:20.454Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vidalia-project:vidalia_bundle:*:*:*:*:*:*:*:*", "matchCriteriaId": "74F4F94C-9874-4D53-8912-4FE50D1645BE", "versionEndIncluding": "0.1.2.17", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Vidalia bundle before 0.1.2.18, when running on Windows, installs Privoxy with a configuration file (config.txt or config) that contains an insecure enable-remote-http-toggle setting, which allows remote attackers to bypass intended access restrictions and modify configuration."}, {"lang": "es", "value": "Vidalia bundle versiones anteriores a v0.1.2.18, cuando se ejecuta en Windows y Mac OS X, instala Privoxy con un fichero de configuraci\u00f3n (config.txt o config) que contiene un ajuste inseguro enable-remote-http-toggle, lo cual permite a atacantes remotos evitar restricciones de acceso intencionadas y modificar la configuraci\u00f3n."}], "id": "CVE-2007-6724", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-03-31T17:30:00.343", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://archives.seul.org/or/talk/Oct-2007/msg00291.html"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50474"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://archives.seul.org/or/talk/Oct-2007/msg00291.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50474"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-16"}], "source": "nvd@nist.gov", "type": "Primary"}]}