CVE-2013-2503

Privoxy < 3.0.21 - Proxy Authentication Spoofing via 407 Status Code

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-2503. PoCs published by Chris John Riley.

AI-analyzed exploit summary: The provided text describes an information disclosure vulnerability in Privoxy 3.0.20, where attackers can exploit proxy authentication issues to gain access to sensitive information. The example includes HTTP request/response headers but lacks executable exploit code.

Description

Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Chris John Riley · text · webapps · php
https://www.exploit-db.com/exploits/38377


Classification
Writeup: 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Theoretical
Target: Privoxy 3.0.20
No auth needed
Prerequisites: Network access to the vulnerable Privoxy instance
devstral-2 · analyzed Feb 16, 2026

Scores

EPSS 0.0463
EPSS Percentile 90.5%

Details

CWE: CWE-20
Status: published
Products (29)
privoxy/privoxy 2.9.0 pre-alpha
privoxy/privoxy 2.9.1 pre-alpha
privoxy/privoxy 2.9.2 pre-alpha
privoxy/privoxy 2.9.3 pre-alpha
privoxy/privoxy 2.9.11 alpha (3 CPE variants)
privoxy/privoxy 2.9.12 beta
privoxy/privoxy 2.9.13 beta
privoxy/privoxy 2.9.14 beta
privoxy/privoxy 2.9.16
privoxy/privoxy 2.9.18
... and 19 more
Published Mar 11, 2013
Tracked Since Feb 18, 2026