Ubuntu USN-4886-1
Mar 22, 2021 - 12:00 a.m.

Privoxy vulnerabilities

2021-03-22 00:00:00
ubuntu.com
privoxy
ubuntu
cgi requests
denial of service
sensitive information
regular expressions
client tags
consume resources
cve-2020-35502
cve-2021-20209
cve-2021-20210
cve-2021-20211
cve-2021-20212
cve-2021-20213
cve-2021-20214
cve-2021-20215
cve-2021-20216
cve-2021-20217
cve-2021-20272
cve-2021-20273
cve-2021-20275
cve-2021-20276

CVSS2: 7.8

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3: 7.5

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 8.3 (Confidence: High)

EPSS: 0.008 (Percentile: 82.0%)

Releases

  • Ubuntu 20.10
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • privoxy - Privacy enhancing HTTP Proxy

Details

It was discovered that Privoxy incorrectly handled CGI requests. An attacker
could possibly use this issue to cause a denial of service or obtain sensitive
information. (CVE-2020-35502, CVE-2021-20209, CVE-2021-20210,
CVE-2021-20213, CVE-2021-20215, CVE-2021-20216, CVE-2021-20217,
CVE-2021-20272, CVE-2021-20273, CVE-2021-20275)

It was discovered that Privoxy incorrectly handled certain regular
expressions. An attacker could possibly use this issue to cause a denial of
service or obtain sensitive information. (CVE-2021-20212, CVE-2021-20276)

It was discovered that Privoxy incorrectly handled client tags. An attacker
could possibly use this issue to cause Privoxy to consume resources, resulting
in a denial of service. This issue only affected Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2021-20211)

It was discovered that Privoxy incorrectly handled client tags. An attacker
could possibly use this issue to cause Privoxy to consume resources, resulting
in a denial of service. This issue only affected Ubuntu 20.04 LTS and
Ubuntu 20.10. (CVE-2021-20214)

OS      OS Version  Architecture  Package         Package Version                       Filename
Ubuntu  20.10       noarch        privoxy         < 3.0.28-3ubuntu0.1                   UNKNOWN
Ubuntu  20.10       noarch        privoxy-dbgsym  < 3.0.28-3ubuntu0.1                   UNKNOWN
Ubuntu  20.04       noarch        privoxy         < 3.0.28-2ubuntu0.1                   UNKNOWN
Ubuntu  20.04       noarch        privoxy-dbgsym  < 3.0.28-2ubuntu0.1                   UNKNOWN
Ubuntu  18.04       noarch        privoxy         < 3.0.26-5ubuntu0.1                   UNKNOWN
Ubuntu  18.04       noarch        privoxy-dbgsym  < 3.0.26-5ubuntu0.1                   UNKNOWN
Ubuntu  16.04       noarch        privoxy         < 3.0.24-1ubuntu0.1                   UNKNOWN
Ubuntu  16.04       noarch        privoxy-dbgsym  < 3.0.24-1ubuntu0.1                   UNKNOWN
Ubuntu  14.04       noarch        privoxy         < 3.0.21-7+deb8u1ubuntu0.1~esm1       UNKNOWN
Ubuntu  14.04       noarch        privoxy         < 3.0.21-7+deb8u1build0.14.04.1       UNKNOWN