Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-2503: Improper Input Validation in Privoxy

Severity: 5.8 MEDIUM (NVD)
EPSS: 3.5% (top 12.38%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Mar 11
Latest update: May 17

Description

Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.

CVSS vector

AV:N/AC:M/C:P/I:P/A:N
Exploitability: 8.6 | Impact: 4.9

Affected Packages (3 packages)

debian: debian/privoxy < privoxy 3.0.21-1 (bookworm)
Debian: privoxy/privoxy < 3.0.21-1+3
NVD: privoxy/privoxy 3.0.20+28

🔴 Vulnerability Details (2)

GHSA
GHSA-xwv2-6j43-gjcx: Privoxy before 3 (2022-05-17)
OSV
CVE-2013-2503: Privoxy before 3 (2013-03-11)

💥 Exploits & PoCs (1)

Exploit-DB
Privoxy Proxy - Authentication Information Disclosure (2013-03-11)

📋 Vendor Advisories (2)

Red Hat
privoxy: Proxy-Authentication response spoofing (2013-03-11)
Debian
CVE-2013-2503: privoxy - Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Auth... (2013)

💬 Community (3)

Bugzilla
CVE-2013-2503 privoxy: Proxy-Authentication response spoofing (2013-03-12)
Bugzilla
CVE-2013-2503 privoxy: Proxy-Authentication response spoofing [epel-6] (2013-03-12)
Bugzilla
CVE-2013-2503 privoxy: Proxy-Authentication response spoofing [fedora-all] (2013-03-12)