CVE-2013-2503

Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.
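
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 5.8 UNKNOWN | NETWORK | MEDIUM | | AV:N/AC:M/Au:N/C:P/I:P/A:N |
| mitre | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |
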
EPSS Score Percentile: 82%

| Vendor | Product | Version |
|---|---|---|
| privoxy | privoxy | 𝑥 ≤ 3.0.20 |
| privoxy | privoxy | 2.9.0:pre-alpha |
| privoxy | privoxy | 2.9.1:pre-alpha |
| privoxy | privoxy | 2.9.2:pre-alpha |
| privoxy | privoxy | 2.9.3:pre-alpha |
| privoxy | privoxy | 2.9.11:alpha |
| privoxy | privoxy | 2.9.11:beta |
| privoxy | privoxy | 2.9.11:pre-alpha |
| privoxy | privoxy | 2.9.12:beta |
| privoxy | privoxy | 2.9.13:beta |
| privoxy | privoxy | 2.9.14:beta |
| privoxy | privoxy | 2.9.16 |
| privoxy | privoxy | 2.9.18 |
| privoxy | privoxy | 3.0 |
| privoxy | privoxy | 3.0.2 |
| privoxy | privoxy | 3.0.3 |
| privoxy | privoxy | 3.0.5:beta |
| privoxy | privoxy | 3.0.6 |
| privoxy | privoxy | 3.0.7:beta |
| privoxy | privoxy | 3.0.8 |
| privoxy | privoxy | 3.0.9:beta |
| privoxy | privoxy | 3.0.10 |
| privoxy | privoxy | 3.0.11 |
| privoxy | privoxy | 3.0.12 |
| privoxy | privoxy | 3.0.13:beta |
| privoxy | privoxy | 3.0.14:beta |
| privoxy | privoxy | 3.0.15:beta |
| privoxy | privoxy | 3.0.16 |
| privoxy | privoxy | 3.0.17 |
| privoxy | privoxy | 3.0.18 |
| privoxy | privoxy | 3.0.19 |

𝑥 = Vulnerable software versions

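Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| privoxy | bullseye | 3.0.32-2+deb11u1 | fixed |
| privoxy | wheezy | | no-dsa |
| privoxy | squeeze | | no-dsa |
| privoxy | bookworm | 3.0.34-1 | fixed |
| privoxy | sid | 3.0.34-6 | fixed |
| privoxy | trixie | 3.0.34-6 | fixed |
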
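Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| privoxy | zesty | not-affected |
| privoxy | yakkety | not-affected |
| privoxy | xenial | not-affected |
| privoxy | wily | not-affected |
| privoxy | vivid | not-affected |
| privoxy | utopic | not-affected |
| privoxy | trusty | not-affected |
| privoxy | saucy | not-affected |
| privoxy | raring | ignored |
| privoxy | quantal | ignored |
| privoxy | precise | ignored |
| privoxy | oneiric | ignored |
| privoxy | lucid | ignored |
| privoxy | hardy | ignored |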