CVE-2013-2503

Published: 11/03/2013 Updated: 11/04/2013
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
VMScore: 585
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

Privoxy prior to 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.

Vulnerable Product

privoxy privoxy 3.0.15

privoxy privoxy 3.0.14

privoxy privoxy 3.0.6

privoxy privoxy 3.0.5

privoxy privoxy 2.9.13

privoxy privoxy 2.9.12

privoxy privoxy 2.9.0

privoxy privoxy 3.0.17

privoxy privoxy 3.0.16

privoxy privoxy 3.0.8

privoxy privoxy 3.0.7

privoxy privoxy 2.9.16

privoxy privoxy 2.9.14

privoxy privoxy 2.9.2

privoxy privoxy 2.9.1

privoxy privoxy

privoxy privoxy 3.0.13

privoxy privoxy 3.0.12

privoxy privoxy 3.0.11

privoxy privoxy 3.0.3

privoxy privoxy 3.0.2

privoxy privoxy 2.9.11

privoxy privoxy 3.0.19

privoxy privoxy 3.0.18

privoxy privoxy 3.0.10

privoxy privoxy 3.0.9

privoxy privoxy 3.0

privoxy privoxy 2.9.18

privoxy privoxy 2.9.3

Vendor Advisories

Debian Bug report logs - #702896: privoxy: CVE-2013-2503. Package: privoxy; Maintainer for privoxy is Roland Rosenfeld <roland@debian.org>; Source for privoxy is src:privoxy. Reported by: Moritz Muehlenhoff <jmm@inutil.org>. Date: Tue, 12 Mar 2013 16:27:02 UTC. Severity: important. Tags: security. Fi ...

Exploits

source: www.securityfocus.com/bid/58425/info. Privoxy is prone to multiple information-disclosure vulnerabilities. Attackers can exploit these issues to gain access to the user accounts and potentially obtain sensitive information. This may aid in further attacks. Privoxy 3.0.20 is affected; other versions may also be vulnerable. Respons ...

Privoxy version 3.0.20-1 suffers from an authentication credential exposure vulnerability ...