CVE-2013-2503

2013-03-1117:55:01

Debian Security Bug Tracker

security-tracker.debian.org

5.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.014 Low

EPSS

Percentile

86.6%

JSON

Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.

OSVersionArchitecturePackageVersionFilename
Debian12allprivoxy< 3.0.21-1privoxy_3.0.21-1_all.deb
Debian11allprivoxy< 3.0.21-1privoxy_3.0.21-1_all.deb
Debian10allprivoxy< 3.0.21-1privoxy_3.0.21-1_all.deb
Debian999allprivoxy< 3.0.21-1privoxy_3.0.21-1_all.deb
Debian13allprivoxy< 3.0.21-1privoxy_3.0.21-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	privoxy	< 3.0.21-1	privoxy_3.0.21-1_all.deb
Debian	11	all	privoxy	< 3.0.21-1	privoxy_3.0.21-1_all.deb
Debian	10	all	privoxy	< 3.0.21-1	privoxy_3.0.21-1_all.deb
Debian	999	all	privoxy	< 3.0.21-1	privoxy_3.0.21-1_all.deb
Debian	13	all	privoxy	< 3.0.21-1	privoxy_3.0.21-1_all.deb