Computer Security

Privoxy information leakage

back  news / advisories / software / search /  forward
[EN] securityvulns.ru no-pyccku


Privoxy information leakage
Published:13.03.2013
Source:
SecurityVulns ID:12946
Type:client
Threat Level:
6/10
Description:Proxy-Authenticate and Proxy-Authorization headers are not filtered, making it possible to hijack authentication information.
CVE:CVE-2013-2503 (Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.)
Original documentdocumentcontact_(at)_c22.cc, Privoxy Proxy Authentication Credential Exposure - CVE-2013-2503 (13.03.2013)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod