PT-2007-7293 · Anon · Anon Proxy Server

Michael Brooks

Published

2007-12-20

Updated

2018-10-15

CVE-2007-6459

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Anon Proxy Server versions 0.100 through 0.101

Description The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter to "diagdns.php" and the host parameter, and possibly the port parameter to "diagconnect.php".

Recommendations For Anon Proxy Server versions 0.100 through 0.101, consider disabling access to the diagdns.php and diagconnect.php scripts until a patch is available. Restrict input for the host and port parameters in these scripts to prevent command execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2007-6459

Affected Products

Anon Proxy Server

PT-2007-7293 · Anon · Anon Proxy Server

CVE-2007-6459

Weakness Enumeration

Related Identifiers

Affected Products

References · 7