Vulnerabilities related to banu - tinyproxy
Vulnerability from fkie_nvd
Published
2011-04-29 22:55
Modified
2025-04-11 00:51
Summary
acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:banu:tinyproxy:*:*:*:*:*:*:*:*", "matchCriteriaId": "D51F3BA5-1282-476E-922D-1F8D265D9751", "versionEndIncluding": "1.8.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E01A3AF-BAED-46BB-A378-E5C62907ABA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre1:*:*:*:*:*:*", "matchCriteriaId": "3B8B13DE-1161-4993-BB34-8228EEE43252", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre2:*:*:*:*:*:*", "matchCriteriaId": "D7996D03-1884-4334-B43F-A5B4D9458C2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre3:*:*:*:*:*:*", "matchCriteriaId": "6DCFC9B7-BDC7-4156-85A3-755A671C07A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre4:*:*:*:*:*:*", "matchCriteriaId": "C98C8696-86AE-40AA-B45D-4FC46C20C60B", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre5:*:*:*:*:*:*", "matchCriteriaId": "5F75221E-F380-4ED1-9019-2A15A94E8942", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre6:*:*:*:*:*:*", "matchCriteriaId": "0A551F1C-8798-456C-A393-69F240CFDC1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "295E82ED-4B37-4FC9-ACF6-E6525D2D7577", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc10:*:*:*:*:*:*", "matchCriteriaId": "52D32C1C-ADAC-434D-B61E-4521E61700A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "EF430680-0EA9-44F2-B008-38C09CE391A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "A1B5FF94-35C9-46C7-9B56-FA3CCF0367A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "A5FA5945-876F-4D49-8743-FD8B0A4BEBD0", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:banu:tinyproxy:1.5.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "758E84E7-B4D4-4502-99A2-E13FE1F1BB34", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "A056CA07-8E63-4BC4-B788-6FA28FA6B9CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc8:*:*:*:*:*:*", "matchCriteriaId": "437DC576-9A0F-45DD-B7DB-D3BDF8FAF306", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc9:*:*:*:*:*:*", "matchCriteriaId": "0F5E2202-1782-4583-826F-4E8D8A79D03E", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "C34C0689-C9E7-4253-955B-EB07D48CEC97", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre1:*:*:*:*:*:*", "matchCriteriaId": "56EC1656-6577-41E9-B66A-5EAAAA5F7317", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre2:*:*:*:*:*:*", "matchCriteriaId": "E9644328-8BD9-4DC6-B390-41157761B14B", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre3:*:*:*:*:*:*", "matchCriteriaId": "BA8A973D-15C5-48A2-BF93-DBB1945D2CF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre4:*:*:*:*:*:*", "matchCriteriaId": "952A6F77-710E-4E13-94B2-EC4853A195B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre5:*:*:*:*:*:*", "matchCriteriaId": "54F424CF-FE0F-46A8-A62D-9C25DEC9F00B", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre6:*:*:*:*:*:*", "matchCriteriaId": "8F6AAF00-5972-41DD-AB4F-6AECA14E47DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "7056081A-63D6-4213-A162-CF3502D03D2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "2CC13B57-6DBB-4E6B-9FEE-D99DFC6A496B", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "680705E5-D484-4C7E-8E70-E30E667A666D", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "19389006-AFFF-4BDB-8238-5F70758E7555", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "EC2D8320-234D-47BD-AE43-45D78B1FC2B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "3F506449-969A-47EC-80C3-A75B88FC53B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "B4450B57-BD9D-492E-913C-436BE56ADC9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "5B0EEFD8-5B25-4280-BE73-3FB1C57669B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "2E364882-403C-4639-B13F-8EE34DA2C7B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "917A1FA8-50C6-4B0C-B196-2EE092EBEAD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:a:*:*:*:*:*:*", "matchCriteriaId": "9EEC829A-0933-4599-9B21-CD404411CF33", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:pre1:*:*:*:*:*:*", "matchCriteriaId": "0EEC2D9F-0847-44DE-8507-ABA12254BA37", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:pre2:*:*:*:*:*:*", "matchCriteriaId": "7831E2D8-91A5-45B3-A831-55F114328881", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:pre3:*:*:*:*:*:*", "matchCriteriaId": "E7337CF4-437D-4D12-8B66-9C74C79240AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:pre4:*:*:*:*:*:*", "matchCriteriaId": "808831CA-2565-4CEC-B9DA-8A9099ADF48A", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "7C785F3F-A138-4B6D-BA36-1C02E1F78370", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"858B75C0-77AF-49C5-9864-FE47AC7B22DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "AA70648C-38C6-438A-8C91-D29CF06DD29C", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "D466A50B-02CF-422F-9D1C-8C12D7992C17", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "A7424517-9067-4437-8C9C-528BD7B81D37", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE679246-BAA7-487C-A002-E67FF7CBB0CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "A8DB3514-4D09-4E4C-80C3-1C071251D1A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "B8904EC5-C176-499D-8852-638203ED837A", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A2CC7B8-6BCB-453E-AA85-CCBAEC216A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DB61EC72-D1C1-40BD-8271-4E67DBB53C62", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "A1AD0C6B-8879-4685-B63D-78BD7FBC5ECC", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA6728A7-5193-49F9-8790-4D8438045683", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers 
to hide the origin of web traffic by leveraging the open HTTP proxy server." }, { "lang": "es", "value": "acl.c en tinyproxy antes de v1.8.3, cuando la opcion \"Allow Configuration\" especifica un bloque CIDR, permite conexiones TCP desde todas las direcciones IP, lo que facilita a los atacantes remotos a la hora de ocultar el origen del tr\u00e1fico de Internet, aprovechando la servidor proxy HTTP abierto." } ], "id": "CVE-2011-1499", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-04-29T22:55:00.937", "references": [ { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2011/04/07/9" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2011/04/08/3" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/44274" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2011/dsa-2222" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "https://banu.com/bugzilla/show_bug.cgi?id=90" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": 
"https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694658" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67256" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2011/04/07/9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2011/04/08/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/44274" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2011/dsa-2222" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://banu.com/bugzilla/show_bug.cgi?id=90" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694658" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67256" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-16" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-10-09 23:55
Modified
2025-04-11 00:51
Summary
Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large number of headers or (2) a large number of forged headers that predictably trigger hash collisions in the same bucket.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:banu:tinyproxy:*:*:*:*:*:*:*:*", "matchCriteriaId": "96E561B1-B83C-46DB-BEFF-02CC68F7C6EB", "versionEndIncluding": "1.8.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E01A3AF-BAED-46BB-A378-E5C62907ABA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre1:*:*:*:*:*:*", "matchCriteriaId": "3B8B13DE-1161-4993-BB34-8228EEE43252", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre2:*:*:*:*:*:*", "matchCriteriaId": "D7996D03-1884-4334-B43F-A5B4D9458C2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre3:*:*:*:*:*:*", "matchCriteriaId": "6DCFC9B7-BDC7-4156-85A3-755A671C07A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre4:*:*:*:*:*:*", "matchCriteriaId": "C98C8696-86AE-40AA-B45D-4FC46C20C60B", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre5:*:*:*:*:*:*", "matchCriteriaId": "5F75221E-F380-4ED1-9019-2A15A94E8942", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre6:*:*:*:*:*:*", "matchCriteriaId": "0A551F1C-8798-456C-A393-69F240CFDC1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "295E82ED-4B37-4FC9-ACF6-E6525D2D7577", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc10:*:*:*:*:*:*", "matchCriteriaId": "52D32C1C-ADAC-434D-B61E-4521E61700A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "EF430680-0EA9-44F2-B008-38C09CE391A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "A1B5FF94-35C9-46C7-9B56-FA3CCF0367A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "A5FA5945-876F-4D49-8743-FD8B0A4BEBD0", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:banu:tinyproxy:1.5.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "758E84E7-B4D4-4502-99A2-E13FE1F1BB34", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "A056CA07-8E63-4BC4-B788-6FA28FA6B9CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc8:*:*:*:*:*:*", "matchCriteriaId": "437DC576-9A0F-45DD-B7DB-D3BDF8FAF306", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc9:*:*:*:*:*:*", "matchCriteriaId": "0F5E2202-1782-4583-826F-4E8D8A79D03E", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "C34C0689-C9E7-4253-955B-EB07D48CEC97", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre1:*:*:*:*:*:*", "matchCriteriaId": "56EC1656-6577-41E9-B66A-5EAAAA5F7317", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre2:*:*:*:*:*:*", "matchCriteriaId": "E9644328-8BD9-4DC6-B390-41157761B14B", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre3:*:*:*:*:*:*", "matchCriteriaId": "BA8A973D-15C5-48A2-BF93-DBB1945D2CF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre4:*:*:*:*:*:*", "matchCriteriaId": "952A6F77-710E-4E13-94B2-EC4853A195B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre5:*:*:*:*:*:*", "matchCriteriaId": "54F424CF-FE0F-46A8-A62D-9C25DEC9F00B", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre6:*:*:*:*:*:*", "matchCriteriaId": "8F6AAF00-5972-41DD-AB4F-6AECA14E47DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "7056081A-63D6-4213-A162-CF3502D03D2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "2CC13B57-6DBB-4E6B-9FEE-D99DFC6A496B", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "680705E5-D484-4C7E-8E70-E30E667A666D", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "19389006-AFFF-4BDB-8238-5F70758E7555", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "EC2D8320-234D-47BD-AE43-45D78B1FC2B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "3F506449-969A-47EC-80C3-A75B88FC53B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "B4450B57-BD9D-492E-913C-436BE56ADC9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "5B0EEFD8-5B25-4280-BE73-3FB1C57669B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "2E364882-403C-4639-B13F-8EE34DA2C7B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "917A1FA8-50C6-4B0C-B196-2EE092EBEAD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:a:*:*:*:*:*:*", "matchCriteriaId": "9EEC829A-0933-4599-9B21-CD404411CF33", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:pre1:*:*:*:*:*:*", "matchCriteriaId": "0EEC2D9F-0847-44DE-8507-ABA12254BA37", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:pre2:*:*:*:*:*:*", "matchCriteriaId": "7831E2D8-91A5-45B3-A831-55F114328881", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:pre3:*:*:*:*:*:*", "matchCriteriaId": "E7337CF4-437D-4D12-8B66-9C74C79240AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:pre4:*:*:*:*:*:*", "matchCriteriaId": "808831CA-2565-4CEC-B9DA-8A9099ADF48A", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "7C785F3F-A138-4B6D-BA36-1C02E1F78370", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"858B75C0-77AF-49C5-9864-FE47AC7B22DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "AA70648C-38C6-438A-8C91-D29CF06DD29C", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "D466A50B-02CF-422F-9D1C-8C12D7992C17", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "A7424517-9067-4437-8C9C-528BD7B81D37", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE679246-BAA7-487C-A002-E67FF7CBB0CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "A8DB3514-4D09-4E4C-80C3-1C071251D1A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "B8904EC5-C176-499D-8852-638203ED837A", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A2CC7B8-6BCB-453E-AA85-CCBAEC216A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DB61EC72-D1C1-40BD-8271-4E67DBB53C62", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "A1AD0C6B-8879-4685-B63D-78BD7FBC5ECC", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA6728A7-5193-49F9-8790-4D8438045683", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "04EB2189-EEDB-4722-9802-79C66A5B0D5D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large number of headers or (2) a large number of forged headers that trigger hash collisions predictably. bucket." 
}, { "lang": "es", "value": "Tinyproxy antes de v1.8.3-3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (excesivo consumo de CPU y memoria) a trav\u00e9s de (1) un gran n\u00famero de cabeceras o (2) un gran n\u00famero de cabeceras falsificados con el mismo hash.\r\n" } ], "id": "CVE-2012-3505", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-10-09T23:55:04.393", "references": [ { "source": "secalert@redhat.com", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685281" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/50278" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/51074" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2012/dsa-2564" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/08/17/3" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/08/18/1" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1027412" }, { "source": "secalert@redhat.com", "url": "https://banu.com/bugzilla/show_bug.cgi?id=110" }, { "source": "secalert@redhat.com", "url": "https://banu.com/bugzilla/show_bug.cgi?id=110#c2" }, { "source": "secalert@redhat.com", "url": "https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685281" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/50278" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/51074" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2564" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/08/17/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/08/18/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1027412" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://banu.com/bugzilla/show_bug.cgi?id=110" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://banu.com/bugzilla/show_bug.cgi?id=110#c2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-05-03 00:55
Modified
2025-04-11 00:51
Summary
Integer overflow in conf.c in Tinyproxy before 1.8.3 might allow remote attackers to bypass intended access restrictions in opportunistic circumstances via a TCP connection, related to improper handling of invalid port numbers.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:banu:tinyproxy:*:*:*:*:*:*:*:*", "matchCriteriaId": "D51F3BA5-1282-476E-922D-1F8D265D9751", "versionEndIncluding": "1.8.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E01A3AF-BAED-46BB-A378-E5C62907ABA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre1:*:*:*:*:*:*", "matchCriteriaId": "3B8B13DE-1161-4993-BB34-8228EEE43252", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre2:*:*:*:*:*:*", "matchCriteriaId": "D7996D03-1884-4334-B43F-A5B4D9458C2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre3:*:*:*:*:*:*", "matchCriteriaId": "6DCFC9B7-BDC7-4156-85A3-755A671C07A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre4:*:*:*:*:*:*", "matchCriteriaId": "C98C8696-86AE-40AA-B45D-4FC46C20C60B", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre5:*:*:*:*:*:*", "matchCriteriaId": "5F75221E-F380-4ED1-9019-2A15A94E8942", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre6:*:*:*:*:*:*", "matchCriteriaId": "0A551F1C-8798-456C-A393-69F240CFDC1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "295E82ED-4B37-4FC9-ACF6-E6525D2D7577", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc10:*:*:*:*:*:*", "matchCriteriaId": "52D32C1C-ADAC-434D-B61E-4521E61700A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "EF430680-0EA9-44F2-B008-38C09CE391A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "A1B5FF94-35C9-46C7-9B56-FA3CCF0367A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "A5FA5945-876F-4D49-8743-FD8B0A4BEBD0", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:banu:tinyproxy:1.5.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "758E84E7-B4D4-4502-99A2-E13FE1F1BB34", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "A056CA07-8E63-4BC4-B788-6FA28FA6B9CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc8:*:*:*:*:*:*", "matchCriteriaId": "437DC576-9A0F-45DD-B7DB-D3BDF8FAF306", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc9:*:*:*:*:*:*", "matchCriteriaId": "0F5E2202-1782-4583-826F-4E8D8A79D03E", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "C34C0689-C9E7-4253-955B-EB07D48CEC97", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre1:*:*:*:*:*:*", "matchCriteriaId": "56EC1656-6577-41E9-B66A-5EAAAA5F7317", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre2:*:*:*:*:*:*", "matchCriteriaId": "E9644328-8BD9-4DC6-B390-41157761B14B", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre3:*:*:*:*:*:*", "matchCriteriaId": "BA8A973D-15C5-48A2-BF93-DBB1945D2CF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre4:*:*:*:*:*:*", "matchCriteriaId": "952A6F77-710E-4E13-94B2-EC4853A195B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre5:*:*:*:*:*:*", "matchCriteriaId": "54F424CF-FE0F-46A8-A62D-9C25DEC9F00B", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre6:*:*:*:*:*:*", "matchCriteriaId": "8F6AAF00-5972-41DD-AB4F-6AECA14E47DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "7056081A-63D6-4213-A162-CF3502D03D2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "2CC13B57-6DBB-4E6B-9FEE-D99DFC6A496B", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "680705E5-D484-4C7E-8E70-E30E667A666D", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "19389006-AFFF-4BDB-8238-5F70758E7555", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "EC2D8320-234D-47BD-AE43-45D78B1FC2B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "3F506449-969A-47EC-80C3-A75B88FC53B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "B4450B57-BD9D-492E-913C-436BE56ADC9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "5B0EEFD8-5B25-4280-BE73-3FB1C57669B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "2E364882-403C-4639-B13F-8EE34DA2C7B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "917A1FA8-50C6-4B0C-B196-2EE092EBEAD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:a:*:*:*:*:*:*", "matchCriteriaId": "9EEC829A-0933-4599-9B21-CD404411CF33", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:pre1:*:*:*:*:*:*", "matchCriteriaId": "0EEC2D9F-0847-44DE-8507-ABA12254BA37", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:pre2:*:*:*:*:*:*", "matchCriteriaId": "7831E2D8-91A5-45B3-A831-55F114328881", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:pre3:*:*:*:*:*:*", "matchCriteriaId": "E7337CF4-437D-4D12-8B66-9C74C79240AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:pre4:*:*:*:*:*:*", "matchCriteriaId": "808831CA-2565-4CEC-B9DA-8A9099ADF48A", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "7C785F3F-A138-4B6D-BA36-1C02E1F78370", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"858B75C0-77AF-49C5-9864-FE47AC7B22DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "AA70648C-38C6-438A-8C91-D29CF06DD29C", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "D466A50B-02CF-422F-9D1C-8C12D7992C17", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "A7424517-9067-4437-8C9C-528BD7B81D37", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE679246-BAA7-487C-A002-E67FF7CBB0CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "A8DB3514-4D09-4E4C-80C3-1C071251D1A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "B8904EC5-C176-499D-8852-638203ED837A", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A2CC7B8-6BCB-453E-AA85-CCBAEC216A6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DB61EC72-D1C1-40BD-8271-4E67DBB53C62", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "A1AD0C6B-8879-4685-B63D-78BD7FBC5ECC", "vulnerable": true }, { "criteria": "cpe:2.3:a:banu:tinyproxy:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA6728A7-5193-49F9-8790-4D8438045683", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in conf.c in Tinyproxy before 1.8.3 might allow remote attackers to bypass intended access restrictions in opportunistic circumstances via a TCP connection, related to improper handling of invalid port numbers." 
}, { "lang": "es", "value": "Desbordamiento de enteros en conf.c en tinyproxy antes de v1.8.3 podr\u00eda permitir a atacantes remotos evitar las restricciones de acceso previsto a trav\u00e9s de una conexi\u00f3n TCP, relativa al manejo inadecuado de los n\u00fameros de puerto invalidos." } ], "id": "CVE-2011-1843", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-05-03T00:55:01.153", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/47715" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "https://banu.com/bugzilla/show_bug.cgi?id=90" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://banu.com/cgit/tinyproxy/diff/?id=97b9984484299b2ce72f8f4fc3706dab8a3a8439" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/47715" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://banu.com/bugzilla/show_bug.cgi?id=90" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://banu.com/cgit/tinyproxy/diff/?id=97b9984484299b2ce72f8f4fc3706dab8a3a8439" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2011-1499 (GCVE-0-2011-1499)
Vulnerability from cvelistv5
Published
2011-04-29 22:00
Modified
2024-08-06 22:28
CWE
- n/a
Summary
acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:28:41.802Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694658" }, { "name": "44274", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44274" }, { "name": "[oss-security] 20110408 Re: CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/04/08/3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4" }, { "name": "tinyproxy-aclc-sec-bypass(67256)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67256" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://banu.com/bugzilla/show_bug.cgi?id=90" }, { "name": "DSA-2222", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2222" }, { "name": "[oss-security] 20110407 CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/04/07/9" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-03-04T00:00:00", "descriptions": [ { "lang": "en", "value": "acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a 
CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694658" }, { "name": "44274", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44274" }, { "name": "[oss-security] 20110408 Re: CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/04/08/3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4" }, { "name": "tinyproxy-aclc-sec-bypass(67256)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67256" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://banu.com/bugzilla/show_bug.cgi?id=90" }, { "name": "DSA-2222", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2222" }, { "name": "[oss-security] 20110407 CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/04/07/9" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1499", "datePublished": "2011-04-29T22:00:00", "dateReserved": "2011-03-21T00:00:00", 
"dateUpdated": "2024-08-06T22:28:41.802Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1843 (GCVE-0-2011-1843)
Vulnerability from cvelistv5
Published
2011-05-03 00:03
Modified
2024-08-06 22:37
CWE
- n/a
Summary
Integer overflow in conf.c in Tinyproxy before 1.8.3 might allow remote attackers to bypass intended access restrictions in opportunistic circumstances via a TCP connection, related to improper handling of invalid port numbers.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:37:25.769Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://banu.com/cgit/tinyproxy/diff/?id=97b9984484299b2ce72f8f4fc3706dab8a3a8439" }, { "name": "47715", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/47715" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://banu.com/bugzilla/show_bug.cgi?id=90" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-03-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in conf.c in Tinyproxy before 1.8.3 might allow remote attackers to bypass intended access restrictions in opportunistic circumstances via a TCP connection, related to improper handling of invalid port numbers." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-09-07T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://banu.com/cgit/tinyproxy/diff/?id=97b9984484299b2ce72f8f4fc3706dab8a3a8439" }, { "name": "47715", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/47715" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://banu.com/bugzilla/show_bug.cgi?id=90" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1843", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in conf.c in Tinyproxy before 1.8.3 might allow remote attackers to bypass intended access restrictions in opportunistic circumstances via a TCP connection, related to improper handling of invalid port numbers." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://banu.com/cgit/tinyproxy/diff/?id=97b9984484299b2ce72f8f4fc3706dab8a3a8439", "refsource": "CONFIRM", "url": "https://banu.com/cgit/tinyproxy/diff/?id=97b9984484299b2ce72f8f4fc3706dab8a3a8439" }, { "name": "47715", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47715" }, { "name": "https://banu.com/bugzilla/show_bug.cgi?id=90", "refsource": "CONFIRM", "url": "https://banu.com/bugzilla/show_bug.cgi?id=90" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1843", "datePublished": "2011-05-03T00:03:00", "dateReserved": "2011-05-02T00:00:00", "dateUpdated": "2024-08-06T22:37:25.769Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-3505 (GCVE-0-2012-3505)
Vulnerability from cvelistv5
Published
2012-10-09 23:00
Modified
2024-08-06 20:05
CWE
- n/a
Summary
Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large number of headers or (2) a large number of forged headers that predictably trigger hash collisions in the same hash bucket.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:05:12.754Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://banu.com/bugzilla/show_bug.cgi?id=110" }, { "name": "[oss-security] 20120817 CVE request: tinyproxy", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/08/17/3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://banu.com/bugzilla/show_bug.cgi?id=110#c2" }, { "name": "1027412", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1027412" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985" }, { "name": "[oss-security] 20120818 Re: CVE request: tinyproxy", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/08/18/1" }, { "name": "51074", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51074" }, { "name": "DSA-2564", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2564" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685281" }, { "name": "50278", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50278" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-08-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large 
number of headers or (2) a large number of forged headers that trigger hash collisions predictably. bucket." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-23T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://banu.com/bugzilla/show_bug.cgi?id=110" }, { "name": "[oss-security] 20120817 CVE request: tinyproxy", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/08/17/3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://banu.com/bugzilla/show_bug.cgi?id=110#c2" }, { "name": "1027412", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1027412" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985" }, { "name": "[oss-security] 20120818 Re: CVE request: tinyproxy", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/08/18/1" }, { "name": "51074", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51074" }, { "name": "DSA-2564", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2564" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685281" }, { "name": "50278", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50278" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-3505", "datePublished": "2012-10-09T23:00:00", "dateReserved": "2012-06-14T00:00:00", "dateUpdated": "2024-08-06T20:05:12.754Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }