Lucene search

K

Ubuntu.comUB:CVE-2013-2503

HistoryMar 11, 2013 - 12:00 a.m.

CVE-2013-2503

2013-03-1100:00:00

ubuntu.com

ubuntu.com

13

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

EPSS

0.014

Percentile

86.6%

Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and
Proxy-Authorization headers in the client-server data stream, which makes
it easier for remote HTTP servers to spoof the intended proxy service via a
407 (aka Proxy Authentication Required) HTTP status code.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702896>

References

blog.c22.cc/2013/03/11/privoxy-proxy-authentication-credential-exposure-cve-2013-2503/

ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.188&view=markup

launchpad.net/bugs/cve/CVE-2013-2503

nvd.nist.gov/vuln/detail/CVE-2013-2503

security-tracker.debian.org/tracker/CVE-2013-2503

www.cve.org/CVERecord?id=CVE-2013-2503

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

EPSS

0.014

Percentile

86.6%

Related for UB:CVE-2013-2503

prion1 packetstorm1 fedora2 exploitdb1 debiancve1 nessus6 nvd1 openvas4 cve1 securityvulns2 cvelist1 freebsd1