CVE-2011-1499

Severity

26%

Complexity

49%

Confidentiality

48%

acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server.

acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server.

CVSS 2.0 Base Score 2.6. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N).

Overview

First reported 13 years ago

2011-04-29 22:55:00

Last updated 7 years ago

2017-08-17 01:34:00

Affected Software

Banu Tinyproxy 1.5.0 Pre 1

1.5.0

Banu Tinyproxy 1.5.0 Pre 2

1.5.0

Banu Tinyproxy 1.5.0 Pre 3

1.5.0

Banu Tinyproxy 1.5.0 Pre 4

1.5.0

Banu Tinyproxy 1.5.0 Pre 5

1.5.0

Banu Tinyproxy 1.5.0 Pre 6

1.5.0

Banu Tinyproxy 1.5.0 Release Candidate 1

1.5.0

Banu Tinyproxy 1.5.0 Release Candidate 10

1.5.0

Banu Tinyproxy 1.5.0 Release Candidate 2

1.5.0

Banu Tinyproxy 1.5.0 Release Candidate 4

1.5.0

Banu Tinyproxy 1.5.0 Release Candidate 5

1.5.0

Banu Tinyproxy 1.5.0 Release Candidate 6

1.5.0

Banu Tinyproxy 1.5.0 Release Candidate 7

1.5.0

Banu Tinyproxy 1.5.0 Release Candidate 8

1.5.0

Banu Tinyproxy 1.5.1 Pre 1

1.5.1

Banu Tinyproxy 1.5.1 Pre 2

1.5.1

Banu Tinyproxy 1.5.1 Pre 3

1.5.1

Banu Tinyproxy 1.5.1 Pre 4

1.5.1

Banu Tinyproxy 1.5.1 Pre 5

1.5.1

Banu Tinyproxy 1.5.1 Pre 6

1.5.1

Banu Tinyproxy 1.5.1 Release Candidate 1

1.5.1

Banu Tinyproxy 1.5.1 Release Candidate 2

1.5.1

Banu Tinyproxy 1.5.1 Release Candidate 3

1.5.1

Banu Tinyproxy 1.5.1 Release Candidate 4

1.5.1

Banu Tinyproxy 1.5.2 Release Candidate 1

1.5.2

Banu Tinyproxy 1.5.2 Release Candidate 2

1.5.2

Banu Tinyproxy 1.5.3 Release Candidate 1

1.5.3

Banu Tinyproxy 1.6.0 a

1.6.0

Banu Tinyproxy 1.6.0 Pre 1

1.6.0

Banu Tinyproxy 1.6.0 Pre 2

1.6.0

Banu Tinyproxy 1.6.0 Pre 3

1.6.0

Banu Tinyproxy 1.6.0 Pre 4

1.6.0

Banu Tinyproxy 1.6.0 Release Candidate 1

1.6.0

Banu Tinyproxy 1.6.0 Release Candidate 2

1.6.0

Banu Tinyproxy 1.6.0 Release Candidate 3

1.6.0

Banu Tinyproxy 1.6.1

1.6.1

Banu Tinyproxy 1.6.2

1.6.2

Banu Tinyproxy 1.6.3

1.6.3

Banu Tinyproxy 1.6.4

1.6.4

Banu Tinyproxy 1.6.5

1.6.5

Banu Tinyproxy 1.7.0

1.7.0

Banu Tinyproxy 1.7.1

1.7.1

Banu Tinyproxy 1.8.0

1.8.0

Banu Tinyproxy 1.8.1

1.8.1

Debian GNU/Linux 6.0

6.0

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493

Issue Tracking, Patch

[oss-security] 20110407 CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges

Mailing List, Third Party Advisory

[oss-security] 20110408 Re: CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges

Mailing List, Third Party Advisory

44274

DSA-2222

Third Party Advisory

https://banu.com/bugzilla/show_bug.cgi?id=90

Broken Link

https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4

Broken Link

https://bugzilla.redhat.com/show_bug.cgi?id=694658

Issue Tracking, Patch

tinyproxy-aclc-sec-bypass(67256)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.