CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
86.6%
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.
Vendor | Product | Version | CPE |
---|---|---|---|
privoxy | privoxy | * | cpe:2.3:a:privoxy:privoxy:*:beta:*:*:*:*:*:* |
privoxy | privoxy | 2.9.0 | cpe:2.3:a:privoxy:privoxy:2.9.0:pre-alpha:*:*:*:*:*:* |
privoxy | privoxy | 2.9.1 | cpe:2.3:a:privoxy:privoxy:2.9.1:pre-alpha:*:*:*:*:*:* |
privoxy | privoxy | 2.9.2 | cpe:2.3:a:privoxy:privoxy:2.9.2:pre-alpha:*:*:*:*:*:* |
privoxy | privoxy | 2.9.3 | cpe:2.3:a:privoxy:privoxy:2.9.3:pre-alpha:*:*:*:*:*:* |
privoxy | privoxy | 2.9.11 | cpe:2.3:a:privoxy:privoxy:2.9.11:alpha:*:*:*:*:*:* |
privoxy | privoxy | 2.9.11 | cpe:2.3:a:privoxy:privoxy:2.9.11:beta:*:*:*:*:*:* |
privoxy | privoxy | 2.9.11 | cpe:2.3:a:privoxy:privoxy:2.9.11:pre-alpha:*:*:*:*:*:* |
privoxy | privoxy | 2.9.12 | cpe:2.3:a:privoxy:privoxy:2.9.12:beta:*:*:*:*:*:* |
privoxy | privoxy | 2.9.13 | cpe:2.3:a:privoxy:privoxy:2.9.13:beta:*:*:*:*:*:* |