5.8

CVE-2013-2503

Exploit

Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.

Data is provided by the National Vulnerability Database (NVD)
Privoxy Privoxy Update beta Version <= 3.0.20
Privoxy Privoxy Version 2.9.0 Update pre-alpha
Privoxy Privoxy Version 2.9.1 Update pre-alpha
Privoxy Privoxy Version 2.9.2 Update pre-alpha
Privoxy Privoxy Version 2.9.3 Update pre-alpha
Privoxy Privoxy Version 2.9.11 Update alpha
Privoxy Privoxy Version 2.9.11 Update beta
Privoxy Privoxy Version 2.9.11 Update pre-alpha
Privoxy Privoxy Version 2.9.12 Update beta
Privoxy Privoxy Version 2.9.13 Update beta
Privoxy Privoxy Version 2.9.14 Update beta
Privoxy Privoxy Version 2.9.16
Privoxy Privoxy Version 2.9.18
Privoxy Privoxy Version 3.0
Privoxy Privoxy Version 3.0.2
Privoxy Privoxy Version 3.0.3
Privoxy Privoxy Version 3.0.5 Update beta
Privoxy Privoxy Version 3.0.6
Privoxy Privoxy Version 3.0.7 Update beta
Privoxy Privoxy Version 3.0.8
Privoxy Privoxy Version 3.0.9 Update beta
Privoxy Privoxy Version 3.0.10
Privoxy Privoxy Version 3.0.11
Privoxy Privoxy Version 3.0.12
Privoxy Privoxy Version 3.0.13 Update beta
Privoxy Privoxy Version 3.0.14 Update beta
Privoxy Privoxy Version 3.0.15 Update beta
Privoxy Privoxy Version 3.0.16
Privoxy Privoxy Version 3.0.17
Privoxy Privoxy Version 3.0.18
Privoxy Privoxy Version 3.0.19
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 3.48% 0.871
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.8 8.6 4.9 AV:N/AC:M/Au:N/C:P/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.