CVE-2013-2503 — Vulnetix

CVE-2013-2503 REJECTED

Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.

EPSS 3.48% · 87.8th percentile

Risk Scores

EPSS Score

3.48%

87.8th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:14.04:LTS	privoxy	0, 3.0.21-1

Exploit Intelligence

http://blog.c22.cc/2013/03/11/privoxy-proxy-authentication-credential-exposure-cve-2013-2503/ (nist-nvd)
CIRCL exploited: CVE-2013-2503 (circl-sighting)
http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.188&view=markup (circl)
openSUSE-SU-2013:0564 (circl)

Timeline

Mar 11, 2013 PoC Published
Mar 11, 2013 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Aug 13, 2022 EPSS Score
Sep 3, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Feb 22, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 2, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2013-2503 third-party-advisory
http://blog.c22.cc/2013/03/11/privoxy-proxy-authentication-credential-exposure-cve-2013-2503/ third-party-advisory
http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.188&view=markup third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2013-2503 third-party-advisory

Open in Interactive Console →