CVE-2005-1108 — Internet Junkbuster vulnerability

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

1.0%

top 22.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Junkbuster Internet Junkbuster Debian Privoxy

Timeline

PublishedMay 2

Latest updateMay 1

Description

The ij_untrusted_url function in JunkBuster 2.0.2-r2, with single-threaded mode enabled, allows remote attackers to overwrite the referrer field via a crafted HTTP request.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDjunkbuster/internet_junkbuster2.0.2_r2

▶debiandebian/privoxy

Patches

Patch: bugs.gentoo.org ↗Patch: www.debian.org ↗Patch: www.gentoo.org ↗

🔴Vulnerability Details

GHSA

GHSA-7q89-h9hg-x89w: The ij_untrusted_url function in JunkBuster 2↗2022-05-01

▶

📋Vendor Advisories

Debian

CVE-2005-1108: privoxy - The ij_untrusted_url function in JunkBuster 2.0.2-r2, with single-threaded mode ...↗2005

▶