Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.
2013-03-11T17:55:01.830
2025-04-11T00:51:21.963
Deferred
CVSSv2: 5.8 (MEDIUM)
AV:N/AC:M/Au:N/C:P/I:P/A:N
8.6
4.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | privoxy | privoxy | ≤ 3.0.20 | Yes |
| Application | privoxy | privoxy | 2.9.0 | Yes |
| Application | privoxy | privoxy | 2.9.1 | Yes |
| Application | privoxy | privoxy | 2.9.2 | Yes |
| Application | privoxy | privoxy | 2.9.3 | Yes |
| Application | privoxy | privoxy | 2.9.11 | Yes |
| Application | privoxy | privoxy | 2.9.11 | Yes |
| Application | privoxy | privoxy | 2.9.11 | Yes |
| Application | privoxy | privoxy | 2.9.12 | Yes |
| Application | privoxy | privoxy | 2.9.13 | Yes |
| Application | privoxy | privoxy | 2.9.14 | Yes |
| Application | privoxy | privoxy | 2.9.16 | Yes |
| Application | privoxy | privoxy | 2.9.18 | Yes |
| Application | privoxy | privoxy | 3.0 | Yes |
| Application | privoxy | privoxy | 3.0.2 | Yes |
| Application | privoxy | privoxy | 3.0.3 | Yes |
| Application | privoxy | privoxy | 3.0.5 | Yes |
| Application | privoxy | privoxy | 3.0.6 | Yes |
| Application | privoxy | privoxy | 3.0.7 | Yes |
| Application | privoxy | privoxy | 3.0.8 | Yes |
| Application | privoxy | privoxy | 3.0.9 | Yes |
| Application | privoxy | privoxy | 3.0.10 | Yes |
| Application | privoxy | privoxy | 3.0.11 | Yes |
| Application | privoxy | privoxy | 3.0.12 | Yes |
| Application | privoxy | privoxy | 3.0.13 | Yes |
| Application | privoxy | privoxy | 3.0.14 | Yes |
| Application | privoxy | privoxy | 3.0.15 | Yes |
| Application | privoxy | privoxy | 3.0.16 | Yes |
| Application | privoxy | privoxy | 3.0.17 | Yes |
| Application | privoxy | privoxy | 3.0.18 | Yes |
| Application | privoxy | privoxy | 3.0.19 | Yes |