CVE-2013-2503
11.03.2013, 17:55
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.Enginsight
| Vendor | Product | Version |
|---|---|---|
| privoxy | privoxy | 𝑥 ≤ 3.0.20 |
| privoxy | privoxy | 2.9.0:pre-alpha |
| privoxy | privoxy | 2.9.1:pre-alpha |
| privoxy | privoxy | 2.9.2:pre-alpha |
| privoxy | privoxy | 2.9.3:pre-alpha |
| privoxy | privoxy | 2.9.11:alpha |
| privoxy | privoxy | 2.9.11:beta |
| privoxy | privoxy | 2.9.11:pre-alpha |
| privoxy | privoxy | 2.9.12:beta |
| privoxy | privoxy | 2.9.13:beta |
| privoxy | privoxy | 2.9.14:beta |
| privoxy | privoxy | 2.9.16 |
| privoxy | privoxy | 2.9.18 |
| privoxy | privoxy | 3.0 |
| privoxy | privoxy | 3.0.2 |
| privoxy | privoxy | 3.0.3 |
| privoxy | privoxy | 3.0.5:beta |
| privoxy | privoxy | 3.0.6 |
| privoxy | privoxy | 3.0.7:beta |
| privoxy | privoxy | 3.0.8 |
| privoxy | privoxy | 3.0.9:beta |
| privoxy | privoxy | 3.0.10 |
| privoxy | privoxy | 3.0.11 |
| privoxy | privoxy | 3.0.12 |
| privoxy | privoxy | 3.0.13:beta |
| privoxy | privoxy | 3.0.14:beta |
| privoxy | privoxy | 3.0.15:beta |
| privoxy | privoxy | 3.0.16 |
| privoxy | privoxy | 3.0.17 |
| privoxy | privoxy | 3.0.18 |
| privoxy | privoxy | 3.0.19 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References