CVE-2007-6724 - Vulnerability Details - OpenCVE

Vidalia bundle before 0.1.2.18, when running on Windows, installs Privoxy with a configuration file (config.txt or config) that contains an insecure enable-remote-http-toggle setting, which allows remote attackers to bypass intended access restrictions and modify configuration.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00167.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft Subscribe	Windows Subscribe
Vidalia-project Subscribe	Vidalia Bundle Subscribe

Configuration 1 [-]

AND

cpe:2.3:a:vidalia-project:vidalia_bundle:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2007-6687	Vidalia bundle before 0.1.2.18, when running on Windows, installs Privoxy with a configuration file (config.txt or config) that contains an insecure enable-remote-http-toggle setting, which allows remote attackers to bypass intended access restrictions and modify configuration.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://archives.seul.org/or/talk/Oct-2007/msg00291.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/50474

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-03-31T17:00:00

Updated: 2024-08-07T16:18:20.454Z

Reserved: 2009-03-31T00:00:00

Link: CVE-2007-6724

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-03-31T17:30:00.343

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-6724

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-16

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-31T00:00:00", "descriptions": [{"lang": "en", "value": "Vidalia bundle before 0.1.2.18, when running on Windows, installs Privoxy with a configuration file (config.txt or config) that contains an insecure enable-remote-http-toggle setting, which allows remote attackers to bypass intended access restrictions and modify configuration."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[or-talk] 20071031 Insecure Privoxy Configuration in Vidalia Bundles Prior to 0.1.2.18", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://archives.seul.org/or/talk/Oct-2007/msg00291.html"}, {"name": "vidalia-enableremotehttptoggle-sec-bypass(50474)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50474"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6724", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Vidalia bundle before 0.1.2.18, when running on Windows, installs Privoxy with a configuration file (config.txt or config) that contains an insecure enable-remote-http-toggle setting, which allows remote attackers to bypass intended access restrictions and modify configuration."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[or-talk] 20071031 Insecure Privoxy Configuration in Vidalia Bundles Prior to 0.1.2.18", "refsource": "MLIST", "url": "http://archives.seul.org/or/talk/Oct-2007/msg00291.html"}, {"name": "vidalia-enableremotehttptoggle-sec-bypass(50474)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50474"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T16:18:20.454Z"}, "title": "CVE Program Container", "references": [{"name": "[or-talk] 20071031 Insecure Privoxy Configuration in Vidalia Bundles Prior to 0.1.2.18", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://archives.seul.org/or/talk/Oct-2007/msg00291.html"}, {"name": "vidalia-enableremotehttptoggle-sec-bypass(50474)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50474"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-6724", "datePublished": "2009-03-31T17:00:00", "dateReserved": "2009-03-31T00:00:00", "dateUpdated": "2024-08-07T16:18:20.454Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vidalia-project:vidalia_bundle:*:*:*:*:*:*:*:*", "matchCriteriaId": "74F4F94C-9874-4D53-8912-4FE50D1645BE", "versionEndIncluding": "0.1.2.17", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Vidalia bundle before 0.1.2.18, when running on Windows, installs Privoxy with a configuration file (config.txt or config) that contains an insecure enable-remote-http-toggle setting, which allows remote attackers to bypass intended access restrictions and modify configuration."}, {"lang": "es", "value": "Vidalia bundle versiones anteriores a v0.1.2.18, cuando se ejecuta en Windows y Mac OS X, instala Privoxy con un fichero de configuraci\u00f3n (config.txt o config) que contiene un ajuste inseguro enable-remote-http-toggle, lo cual permite a atacantes remotos evitar restricciones de acceso intencionadas y modificar la configuraci\u00f3n."}], "id": "CVE-2007-6724", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-03-31T17:30:00.343", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://archives.seul.org/or/talk/Oct-2007/msg00291.html"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50474"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://archives.seul.org/or/talk/Oct-2007/msg00291.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50474"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-16"}], "source": "nvd@nist.gov", "type": "Primary"}]}