Astaro Security Linux Proxy Invalid Request Information Disclosure
Remote / Network Access
Loss of Confidentiality
Astaro Security Linux Proxy contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when sending an invalid connection request to the proxy port, which will disclose login-credentials used internaly by the Content Filter Framework (Proxy-authorization: Basic LTpwcHBwCg==), resulting in a loss of confidentiality.
Upgrade to version 18.104.22.168 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.