Red Hat Bugzilla – Bug 920643
CVE-2013-2503 privoxy: Proxy-Authentication response spoofing
Last modified: 2015-07-31 03:00:38 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-2503 to the following vulnerability:
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.
This issue affects the version of the privoxy package, as shipped with Red Hat Enterprise Linux 5.
This issue affects the versions of the privoxy package as shipped with Fedora releases 17 and 18, and with Fedora EPEL-6. Please schedule an update.
Created privoxy tracking bugs for this issue
Affects: fedora-all [bug 920645]
Affects: epel-6 [bug 920647]
Vulnerable. This issue affects the version of privoxy as shipped with Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this flaw. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
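The header handling named in the CVE description above can be illustrated with a short sketch of how a forwarding proxy can treat Proxy-Authorization and Proxy-Authenticate as belonging only to the client-proxy hop. This is an added example, not Privoxy's code and not part of the original bug report; the function names, the `forward_proxy_auth` parameter and the sample response are assumptions made for illustration.

```python
# Added example (not Privoxy code): keep proxy-authentication headers on the
# client<->proxy hop so a remote HTTP server cannot pose as the proxy.
PROXY_AUTH_REQUEST = "proxy-authorization"
PROXY_AUTH_RESPONSE = "proxy-authenticate"


def filter_request_headers(headers, forward_proxy_auth=False):
    """Return the headers to send to the origin server.

    Proxy-Authorization is dropped unless forwarding is explicitly enabled
    (hypothetical switch), so proxy credentials never reach a remote site.
    """
    if forward_proxy_auth:
        return list(headers)
    return [(n, v) for n, v in headers
            if n.strip().lower() != PROXY_AUTH_REQUEST]


def filter_response(status, headers, forward_proxy_auth=False):
    """Return (headers_for_client, findings) for a response that came from
    an origin server rather than from a parent proxy."""
    findings = []
    if status == 407:
        findings.append("origin server answered 407 Proxy Authentication Required")
    kept = []
    for name, value in headers:
        if name.strip().lower() == PROXY_AUTH_RESPONSE:
            findings.append("origin sent Proxy-Authenticate: " + value)
            if not forward_proxy_auth:
                continue  # strip the challenge: no proxy login prompt in the browser
        kept.append((name, value))
    return kept, findings


# Constructed sample: a remote site answering as if it were the proxy.
SAMPLE_STATUS = 407
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Proxy-Authenticate", 'Basic realm="constructed-example"'),
]

if __name__ == "__main__":
    kept, findings = filter_response(SAMPLE_STATUS, SAMPLE_HEADERS)
    print("headers passed to client:", kept)
    for finding in findings:
        print("finding:", finding)
```

The findings list is suitable for logging, so that a 407 arriving from an origin server is visible to whoever operates the proxy.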