Summary
| Detail | |||
|---|---|---|---|
| Vendor | 3proxy | First view | 2007-02-08 |
| Product | 3proxy | Last view | 2019-08-01 |
| Version | 0.5.1 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:3proxy:3proxy | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 9.8 | 2019-08-01 | CVE-2019-14495 | webadmin.c in 3proxy before 0.8.13 has an out-of-bounds write in the admin interface. |
| 5 | 2007-10-29 | CVE-2007-5622 | Double free vulnerability in the ftpprchild function in ftppr in 3proxy 0.5 through 0.5.3i allows remote attackers to cause a denial of service (daemon crash) via multiple OPEN commands to the FTP proxy. |
| 10 | 2007-04-16 | CVE-2007-2031 | Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, and 0.6b-devel before 20070413, might allow remote attackers to execute arbitrary code via crafted transparent requests. |
| 5 | 2007-02-08 | CVE-2006-6982 | 3proxy 0.5 to 0.5.2 does not offer NTLM authentication before basic authentication, which might cause browsers with incomplete RFC2616/RFC2617 support to use basic cleartext authentication even if NTLM is available, which makes it easier for attackers to steal credentials. |
| 5 | 2007-02-08 | CVE-2006-6981 | 3proxy 0.5 to 0.5.2, when NT-encoded passwords are being used, allows remote attackers to cause a denial of service (blocked account) via unspecified vectors related to NTLM authentication, which causes a password hash to be overwritten. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (1) | CWE-787 | Out-of-bounds Write |
| 50% (1) | CWE-399 | Resource Management Errors |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 41870 | 3proxy FTP Proxy Module ftppr ftpprchild Function OPEN Command DoS |
| 35242 | 3Proxy NTLM / Basic Authentication Order Weakness |
| 35241 | 3Proxy NTLM Authentication Password Hash Overwrite Remote DoS |
| 35237 | 3Proxy HTTP Proxy Crafted Transparent Request Remote Overflow |
OpenVAS Exploits
| id | Description |
|---|---|
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200704-17 (3proxy) File : nvt/glsa_200704_17.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200711-13 (3proxy) File : nvt/glsa_200711_13.nasl |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2008-02-14 | Name: The remote proxy is affected by a buffer overflow vulnerability. File: 3proxy_logurl_overflow.nasl - Type: ACT_DESTRUCTIVE_ATTACK |
| 2007-11-09 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200711-13.nasl - Type: ACT_GATHER_INFO |
| 2007-04-30 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200704-17.nasl - Type: ACT_GATHER_INFO |
