CVE-2013-2503

Severity: Unknown
EPSS: 4.63%

Last modified

CVE-2013-2503 is a vulnerability of currently unknown severity. Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code. EPSS estimates a 4.63% chance of exploitation in the next 30 days.

Description

Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.

Metrics

EPSS Probability: 4.63% (90.5th percentile)

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

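| Vendor | Product | Versions | Update |
|---|---|---|---|
| Privoxy | Privoxy | <= 3.0.20 | Beta |
| Privoxy | Privoxy | 2.9.0 | Pre-Alpha |
| Privoxy | Privoxy | 2.9.1 | Pre-Alpha |
| Privoxy | Privoxy | 2.9.2 | Pre-Alpha |
| Privoxy | Privoxy | 2.9.3 | Pre-Alpha |
| Privoxy | Privoxy | 2.9.11 | Alpha |
| Privoxy | Privoxy | 2.9.12 | Beta |
| Privoxy | Privoxy | 2.9.13 | Beta |
| Privoxy | Privoxy | 2.9.14 | Beta |
| Privoxy | Privoxy | 2.9.16 | |
| Privoxy | Privoxy | 2.9.18 | |
| Privoxy | Privoxy | 3.0 | |
| Privoxy | Privoxy | 3.0.2 | |
| Privoxy | Privoxy | 3.0.3 | |
| Privoxy | Privoxy | 3.0.5 | Beta |
| Privoxy | Privoxy | 3.0.6 | |
| Privoxy | Privoxy | 3.0.7 | Beta |
| Privoxy | Privoxy | 3.0.8 | |
| Privoxy | Privoxy | 3.0.9 | Beta |
| Privoxy | Privoxy | 3.0.10 | |
| Privoxy | Privoxy | 3.0.11 | |
| Privoxy | Privoxy | 3.0.12 | |
| Privoxy | Privoxy | 3.0.13 | Beta |
| Privoxy | Privoxy | 3.0.14 | Beta |
| Privoxy | Privoxy | 3.0.15 | Beta |
| Privoxy | Privoxy | 3.0.16 | |
| Privoxy | Privoxy | 3.0.17 | |
| Privoxy | Privoxy | 3.0.18 | |
| Privoxy | Privoxy | 3.0.19 | |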

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2013-2503?
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.
How severe is CVE-2013-2503?
Severity scoring for CVE-2013-2503 is pending analysis. The EPSS model estimates a 4.63% probability of exploitation in the next 30 days.
How do I fix CVE-2013-2503?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.


Source: NVD / NIST