CVE-2013-2503

medium
Published 2013-03-11 · Modified 2026-04-29
CVSS v3
CVSS v2: 5.8
VIR risk: 6.8

Description

Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.

Predictions

Exploit likelihood: 55%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2013-2503

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2013-2503.html

Exploits

Exploit-DB

OS impact

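| OS | Version | Status | Fixed in |
|---|---|---|---|
| suse sles | | affected | |
| debian debian | bookworm | fixed | 3.0.21-1 |
| debian debian | bullseye | fixed | 3.0.21-1 |
| debian debian | forky | fixed | 3.0.21-1 |
| debian debian | sid | fixed | 3.0.21-1 |
| debian debian | trixie | fixed | 3.0.21-1 |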

Application impact

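| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| privoxy | privoxy | {"endIncluding":"3.0.20"} | |
| privoxy | privoxy | 2.9.0 | |
| privoxy | privoxy | 2.9.1 | |
| privoxy | privoxy | 2.9.2 | |
| privoxy | privoxy | 2.9.3 | |
| privoxy | privoxy | 2.9.11 | |
| privoxy | privoxy | 2.9.12 | |
| privoxy | privoxy | 2.9.13 | |
| privoxy | privoxy | 2.9.14 | |
| privoxy | privoxy | 2.9.16 | |
| privoxy | privoxy | 2.9.18 | |
| privoxy | privoxy | 3.0 | |
| privoxy | privoxy | 3.0.2 | |
| privoxy | privoxy | 3.0.3 | |
| privoxy | privoxy | 3.0.5 | |
| privoxy | privoxy | 3.0.6 | |
| privoxy | privoxy | 3.0.7 | |
| privoxy | privoxy | 3.0.8 | |
| privoxy | privoxy | 3.0.9 | |
| privoxy | privoxy | 3.0.10 | |
| privoxy | privoxy | 3.0.11 | |
| privoxy | privoxy | 3.0.12 | |
| privoxy | privoxy | 3.0.13 | |
| privoxy | privoxy | 3.0.14 | |
| privoxy | privoxy | 3.0.15 | |
| privoxy | privoxy | 3.0.16 | |
| privoxy | privoxy | 3.0.17 | |
| privoxy | privoxy | 3.0.18 | |
| privoxy | privoxy | 3.0.19 | |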

CWEs

CWE-20
