CVE-2013-2503: Input Validation
First published: Mon Mar 11 2013(Updated: )
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Privoxy | <=3.0.20 | |
| Privoxy | =2.9.0-pre-alpha | |
| Privoxy | =2.9.1-pre-alpha | |
| Privoxy | =2.9.2-pre-alpha | |
| Privoxy | =2.9.3-pre-alpha | |
| Privoxy | =2.9.11-alpha | |
| Privoxy | =2.9.11-beta | |
| Privoxy | =2.9.11-pre-alpha | |
| Privoxy | =2.9.12-beta | |
| Privoxy | =2.9.13-beta | |
| Privoxy | =2.9.14-beta | |
| Privoxy | =2.9.16 | |
| Privoxy | =2.9.18 | |
| Privoxy | =3.0 | |
| Privoxy | =3.0.2 | |
| Privoxy | =3.0.3 | |
| Privoxy | =3.0.5-beta | |
| Privoxy | =3.0.6 | |
| Privoxy | =3.0.7-beta | |
| Privoxy | =3.0.8 | |
| Privoxy | =3.0.9-beta | |
| Privoxy | =3.0.10 | |
| Privoxy | =3.0.11 | |
| Privoxy | =3.0.12 | |
| Privoxy | =3.0.13-beta | |
| Privoxy | =3.0.14-beta | |
| Privoxy | =3.0.15-beta | |
| Privoxy | =3.0.16 | |
| Privoxy | =3.0.17 | |
| Privoxy | =3.0.18 | |
| Privoxy | =3.0.19 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-2503?
CVE-2013-2503 is considered a moderate severity vulnerability due to its potential to allow proxy authentication spoofing.
How do I fix CVE-2013-2503?
To fix CVE-2013-2503, you should upgrade to Privoxy version 3.0.21 or later.
What versions of Privoxy are affected by CVE-2013-2503?
CVE-2013-2503 affects Privoxy versions prior to 3.0.21, including all beta and pre-alpha releases.
What is the impact of CVE-2013-2503?
The impact of CVE-2013-2503 allows remote HTTP servers to spoof the intended proxy service, potentially leading to unauthorized access.
Is CVE-2013-2503 related to proxy authentication?
Yes, CVE-2013-2503 specifically involves improper handling of Proxy-Authenticate and Proxy-Authorization headers.
- agent/type
- agent/softwarecombine
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/privoxy
- canonical/privoxy
- version/privoxy/3.0.20
- version/privoxy/2.9.0-pre-alpha
- version/privoxy/2.9.1-pre-alpha
- version/privoxy/2.9.2-pre-alpha
- version/privoxy/2.9.3-pre-alpha
- version/privoxy/2.9.11-alpha
- version/privoxy/2.9.11-beta
- version/privoxy/2.9.11-pre-alpha
- version/privoxy/2.9.12-beta
- version/privoxy/2.9.13-beta
- version/privoxy/2.9.14-beta
- version/privoxy/2.9.16
- version/privoxy/2.9.18
- version/privoxy/3.0
- version/privoxy/3.0.2
- version/privoxy/3.0.3
- version/privoxy/3.0.5-beta
- version/privoxy/3.0.6
- version/privoxy/3.0.7-beta
- version/privoxy/3.0.8
- version/privoxy/3.0.9-beta
- version/privoxy/3.0.10
- version/privoxy/3.0.11
- version/privoxy/3.0.12
- version/privoxy/3.0.13-beta
- version/privoxy/3.0.14-beta
- version/privoxy/3.0.15-beta
- version/privoxy/3.0.16
- version/privoxy/3.0.17
- version/privoxy/3.0.18
- version/privoxy/3.0.19