CVE-2013-2503

Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.

Published: Mar 11, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-2503
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
privoxy / privoxy	3.0.13-beta	3.0.13-beta.x
privoxy / privoxy	-	3.0.20.x
privoxy / privoxy	3.0.2	3.0.2.x
privoxy / privoxy	2.9.11-pre-alpha	2.9.11-pre-alpha.x
privoxy / privoxy	3.0.12	3.0.12.x
privoxy / privoxy	2.9.18	2.9.18.x
privoxy / privoxy	3.0.5-beta	3.0.5-beta.x
privoxy / privoxy	3.0.16	3.0.16.x
privoxy / privoxy	2.9.3-pre-alpha	2.9.3-pre-alpha.x
privoxy / privoxy	2.9.11-alpha	2.9.11-alpha.x
privoxy / privoxy	3.0.19	3.0.19.x
privoxy / privoxy	2.9.16	2.9.16.x
privoxy / privoxy	2.9.14-beta	2.9.14-beta.x
privoxy / privoxy	3.0.10	3.0.10.x
privoxy / privoxy	3.0.14-beta	3.0.14-beta.x
privoxy / privoxy	2.9.12-beta	2.9.12-beta.x
privoxy / privoxy	2.9.1-pre-alpha	2.9.1-pre-alpha.x
privoxy / privoxy	3.0.8	3.0.8.x
privoxy / privoxy	2.9.13-beta	2.9.13-beta.x
privoxy / privoxy	3.0.7-beta	3.0.7-beta.x
privoxy / privoxy	3.0.15-beta	3.0.15-beta.x
privoxy / privoxy	2.9.0-pre-alpha	2.9.0-pre-alpha.x
privoxy / privoxy	3.0.18	3.0.18.x
privoxy / privoxy	3.0.9-beta	3.0.9-beta.x
privoxy / privoxy	3.0.3	3.0.3.x
privoxy / privoxy	2.9.2-pre-alpha	2.9.2-pre-alpha.x
privoxy / privoxy	3.0.17	3.0.17.x
privoxy / privoxy	3.0	3.0.x
privoxy / privoxy	3.0.11	3.0.11.x
privoxy / privoxy	2.9.11-beta	2.9.11-beta.x
privoxy / privoxy	3.0.6	3.0.6.x

Vulnerability Database

289,784

CVE-2013-2503