VAR-200903-0004
Vulnerability from variot - Updated: 2025-04-10 23:03

TorK before 0.22, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration. TorK is prone to multiple insecure-configuration vulnerabilities because of several default configuration options used by the Privoxy web proxy server. Attackers can exploit these issues to bypass proxy filter rules or modify user-defined configuration values. These issues affect versions prior to TorK 0.22. In Privoxy, these two options control whether the proxy can be toggled and its actions files edited through its web interface, so on an affected install both should be set to 0 in the Privoxy configuration file, or TorK upgraded to 0.22. TorK is a powerful KDE desktop tool for managing anonymity. It allows browsing the web anonymously through a browser and sending anonymous email over the MixMinion network. ssh, IRC chat tools and instant-messaging tools can also be used anonymously, and anonymous traffic on the Tor network can be controlled and monitored through TorK. The Privoxy configuration file installed by TorK contains the insecure (1) enable-remote-toggle and (2) enable-edit-actions settings.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200903-0004",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tork",
"scope": "eq",
"trust": 1.6,
"vendor": "anonymityanywhere",
"version": "0.22"
},
{
"model": "tork",
"scope": "lt",
"trust": 0.8,
"vendor": "anonymityanywhere",
"version": "0.22"
},
{
"model": "mac os x",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": "windows",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "tork",
"scope": "eq",
"trust": 0.3,
"vendor": "tork",
"version": "0.21"
},
{
"model": "vidalia",
"scope": "eq",
"trust": 0.3,
"vendor": "tor",
"version": "0"
},
{
"model": "tork",
"scope": "ne",
"trust": 0.3,
"vendor": "tork",
"version": "0.22"
},
{
"model": "vidalia",
"scope": "ne",
"trust": 0.3,
"vendor": "tor",
"version": "0.1.2.18"
}
],
"sources": [
{
"db": "BID",
"id": "26386"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002717"
},
{
"db": "CNNVD",
"id": "CNNVD-200903-530"
},
{
"db": "NVD",
"id": "CVE-2007-6723"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:anonymityanywhere:tork",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002717"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vidalia Project",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200903-530"
}
],
"trust": 0.6
},
"cve": "CVE-2007-6723",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2007-6723",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-30085",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-6723",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2007-6723",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200903-530",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-30085",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30085"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002717"
},
{
"db": "CNNVD",
"id": "CNNVD-200903-530"
},
{
"db": "NVD",
"id": "CVE-2007-6723"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TorK before 0.22, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration. TorK is prone to multiple insecure-configuration vulnerabilities because of several default configuration options used by the Privoxy web proxy server. \nAttackers can exploit these issues to bypass proxy filter rules or modify user-defined configuration values. \nThese issues affect versions prior to TorK 0.22. TorK is a powerful KDE desktop anonymous management tool. It is possible to browse the web anonymously through a browser and send anonymous emails from the MixMinion network. You can use ssh, IRC chat tools and IM instant messaging tools anonymously. And can control and monitor anonymous traffic on the Tor network through TorK. This configuration file contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-6723"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002717"
},
{
"db": "BID",
"id": "26386"
},
{
"db": "VULHUB",
"id": "VHN-30085"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-6723",
"trust": 2.8
},
{
"db": "BID",
"id": "26386",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "48694",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002717",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200903-530",
"trust": 0.7
},
{
"db": "MLIST",
"id": "[OR-TALK] 20071031 INSECURE PRIVOXY CONFIGURATION IN VIDALIA BUNDLES PRIOR TO 0.1.2.18",
"trust": 0.6
},
{
"db": "MLIST",
"id": "[OR-TALK] 20071031 RE: INSECURE PRIVOXY CONFIGURATION IN VIDALIA BUNDLES PRIOR TO 0.1.2.18",
"trust": 0.6
},
{
"db": "XF",
"id": "42280",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-30085",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30085"
},
{
"db": "BID",
"id": "26386"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002717"
},
{
"db": "CNNVD",
"id": "CNNVD-200903-530"
},
{
"db": "NVD",
"id": "CVE-2007-6723"
}
]
},
"id": "VAR-200903-0004",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-30085"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-10T23:03:13.271000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.torproject.org/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.apple.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.microsoft.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002717"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-16",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30085"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002717"
},
{
"db": "NVD",
"id": "CVE-2007-6723"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://archives.seul.org/or/talk/oct-2007/msg00291.html"
},
{
"trust": 1.9,
"url": "http://sourceforge.net/project/shownotes.php?release_id=551544\u0026group_id=159836"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/26386"
},
{
"trust": 1.7,
"url": "http://archives.seul.org/or/talk/oct-2007/msg00296.html"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/48694"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42280"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6723"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6723"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/42280"
},
{
"trust": 0.3,
"url": "http://www.privoxy.org/"
},
{
"trust": 0.3,
"url": "http://www.torproject.org/index.html.en"
},
{
"trust": 0.3,
"url": "http://www.anonymityanywhere.com/tork/index.php?option=com_frontpage\u0026itemid=28"
},
{
"trust": 0.1,
"url": "http://sourceforge.net/project/shownotes.php?release_id=551544\u0026amp;group_id=159836"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30085"
},
{
"db": "BID",
"id": "26386"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002717"
},
{
"db": "CNNVD",
"id": "CNNVD-200903-530"
},
{
"db": "NVD",
"id": "CVE-2007-6723"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-30085"
},
{
"db": "BID",
"id": "26386"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002717"
},
{
"db": "CNNVD",
"id": "CNNVD-200903-530"
},
{
"db": "NVD",
"id": "CVE-2007-6723"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-03-31T00:00:00",
"db": "VULHUB",
"id": "VHN-30085"
},
{
"date": "2007-11-08T00:00:00",
"db": "BID",
"id": "26386"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002717"
},
{
"date": "2009-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200903-530"
},
{
"date": "2009-03-31T17:30:00.327000",
"db": "NVD",
"id": "CVE-2007-6723"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-17T00:00:00",
"db": "VULHUB",
"id": "VHN-30085"
},
{
"date": "2016-07-05T22:00:00",
"db": "BID",
"id": "26386"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002717"
},
{
"date": "2009-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200903-530"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-6723"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200903-530"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Windows and Mac OS X Run on TorK Vulnerabilities whose settings are changed",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002717"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Configuration Error",
"sources": [
{
"db": "BID",
"id": "26386"
},
{
"db": "CNNVD",
"id": "CNNVD-200903-530"
}
],
"trust": 0.9
}
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.