Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.8
CVE Id: CVE-2013-2503
Last Modified: 10 Apr 2013 11:33:47
Published: 11 Mar 2013 01:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2013-2503

Summary

Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.

Vulnerable Systems

Application

  • Privoxy 2.9.0

  • Privoxy 2.9.1

  • Privoxy 2.9.11

  • Privoxy 2.9.12

  • Privoxy 2.9.13

  • Privoxy 2.9.14

  • Privoxy 2.9.16

  • Privoxy 2.9.18

  • Privoxy 2.9.2

  • Privoxy 2.9.3

  • Privoxy 3.0

  • Privoxy 3.0.10

  • Privoxy 3.0.11

  • Privoxy 3.0.12

  • Privoxy 3.0.13

  • Privoxy 3.0.14

  • Privoxy 3.0.15

  • Privoxy 3.0.16

  • Privoxy 3.0.17

  • Privoxy 3.0.18

  • Privoxy 3.0.19

  • Privoxy 3.0.2

  • Privoxy 3.0.20

  • Privoxy 3.0.3

  • Privoxy 3.0.5

  • Privoxy 3.0.6

  • Privoxy 3.0.7

  • Privoxy 3.0.8

  • Privoxy 3.0.9


References

CONFIRM - http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.188&view=markup

MISC - http://blog.c22.cc/2013/03/11/privoxy-proxy-authentication-credential-exposure-cve-2013-2503/

SUSE - openSUSE-SU-2013:0564


Last Updated: 27 May 2016 11:02:04