VYPR
← All advisories
Unrated severityNVD Advisory· Published Mar 11, 2013· Updated Apr 29, 2026

CVE-2013-2503

CVE-2013-2503

Description

Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.

Affected products

31
  • Privoxy/Privoxy31 versions
    cpe:2.3:a:privoxy:privoxy:2.9.0:pre-alpha:*:*:*:*:*:*+ 30 more
    • cpe:2.3:a:privoxy:privoxy:2.9.0:pre-alpha:*:*:*:*:*:*
    • cpe:2.3:a:privoxy:privoxy:2.9.11:alpha:*:*:*:*:*:*
    • cpe:2.3:a:privoxy:privoxy:2.9.11:beta:*:*:*:*:*:*
    • cpe:2.3:a:privoxy:privoxy:2.9.11:pre-alpha:*:*:*:*:*:*
    • cpe:2.3:a:privoxy:privoxy:2.9.12:beta:*:*:*:*:*:*
    • cpe:2.3:a:privoxy:privoxy:2.9.13:beta:*:*:*:*:*:*
    • cpe:2.3:a:privoxy:privoxy:2.9.14:beta:*:*:*:*:*:*
    • cpe:2.3:a:privoxy:privoxy:2.9.16:*:*:*:*:*:*:*
    • cpe:2.3:a:privoxy:privoxy:2.9.18:*:*:*:*:*:*:*
    • cpe:2.3:a:privoxy:privoxy:2.9.1:pre-alpha:*:*:*:*:*:*
    • cpe:2.3:a:privoxy:privoxy:2.9.2:pre-alpha:*:*:*:*:*:*
    • cpe:2.3:a:privoxy:privoxy:2.9.3:pre-alpha:*:*:*:*:*:*
    • cpe:2.3:a:privoxy:privoxy:3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:privoxy:privoxy:3.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:privoxy:privoxy:3.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:privoxy:privoxy:3.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:privoxy:privoxy:3.0.13:beta:*:*:*:*:*:*
    • cpe:2.3:a:privoxy:privoxy:3.0.14:beta:*:*:*:*:*:*
    • cpe:2.3:a:privoxy:privoxy:3.0.15:beta:*:*:*:*:*:*
    • cpe:2.3:a:privoxy:privoxy:3.0.16:*:*:*:*:*:*:*
    • cpe:2.3:a:privoxy:privoxy:3.0.17:*:*:*:*:*:*:*
    • cpe:2.3:a:privoxy:privoxy:3.0.18:*:*:*:*:*:*:*
    • cpe:2.3:a:privoxy:privoxy:3.0.19:*:*:*:*:*:*:*
    • cpe:2.3:a:privoxy:privoxy:3.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:privoxy:privoxy:3.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:privoxy:privoxy:3.0.5:beta:*:*:*:*:*:*
    • cpe:2.3:a:privoxy:privoxy:3.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:privoxy:privoxy:3.0.7:beta:*:*:*:*:*:*
    • cpe:2.3:a:privoxy:privoxy:3.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:privoxy:privoxy:3.0.9:beta:*:*:*:*:*:*
    • cpe:2.3:a:privoxy:privoxy:*:beta:*:*:*:*:*:*range: <=3.0.20

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.