0.5.2

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

3proxy

NVD

Published: 2007-02-08

Updated: 2017-07-29

Summary

3proxy 0.5 to 0.5.2 does not offer NTLM authentication before basic authentication, which might cause browsers with incomplete RFC2616/RFC2617 support to use basic cleartext authentication even if NTLM is available, which makes it easier for attackers to steal credentials. The link is to the vendor's changelog. The vendor's download site is: http://3proxy.ru/download/ For the latest build.

Vulnerable Configurations

Part	Description	Count
Application	3Proxy 3Proxy 3Proxy 0.5 3Proxy 3Proxy 0.5.1 3Proxy 3Proxy 0.5.2	3

References

http://3proxy.ru/0.5.3g/Changelog.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/38205