FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

privoxy -- malicious server spoofing as proxy vulnerability

Affected packages
privoxy < 3.0.21

Details

VuXML ID ad82b0e9-c3d6-11e5-b5fe-002590263bf5
Discovery 2013-03-07
Entry 2016-01-26

Privoxy Developers reports:

Proxy authentication headers are removed unless the new directive enable-proxy-authentication-forwarding is used. Forwarding the headers potentially allows malicious sites to trick the user into providing them with login information. Reported by Chris John Riley.

[source]

References

CVE Name CVE-2013-2503
FreeBSD PR ports/176813
URL http://www.privoxy.org/3.0.21/user-manual/whatsnew.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.