返回 CVE 浏览器

CVE-2006-6982

MEDIUM

5.0

CVSS Severity Score

EPSS Score0.1110%

EPSS Percentile40.40th

Published2007年2月8日

Last Modified2026年4月23日

Vulnerability Description

3proxy 0.5 to 0.5.2 does not offer NTLM authentication before basic authentication, which might cause browsers with incomplete RFC2616/RFC2617 support to use basic cleartext authentication even if NTLM is available, which makes it easier for attackers to steal credentials.

Affected Platforms (CPE)

📦

3proxy

3proxy

= 0.5

📦

3proxy

3proxy

= 0.5.1

📦

3proxy

3proxy

= 0.5.2

References & Advisories

🔗 http://3proxy.ru/0.5.3g/Changelog.txt

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/38205

🔗 http://3proxy.ru/0.5.3g/Changelog.txt

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/38205

相关漏洞威胁

CVE-2007-203110.0

Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, and 0.6b-devel before 20070413, might allow remote attackers t...

CVE-2019-144959.8

webadmin.c in 3proxy before 0.8.13 has an out-of-bounds write in the admin interface.

CVE-2006-69815.0

3proxy 0.5 to 0.5.2, when NT-encoded passwords are being used, allows remote attackers to cause a denial of service (blocked accou...

CVE-2007-56225.0

Double free vulnerability in the ftpprchild function in ftppr in 3proxy 0.5 through 0.5.3i allows remote attackers to cause a deni...