fkie_cve-2012-3505
Vulnerability from fkie_nvd
Published
2012-10-09 23:55
Modified
2025-04-11 00:51
Severity ?
Summary
Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large number of headers or (2) a large number of forged headers that trigger hash collisions predictably. bucket.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:banu:tinyproxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96E561B1-B83C-46DB-BEFF-02CC68F7C6EB",
"versionEndIncluding": "1.8.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E01A3AF-BAED-46BB-A378-E5C62907ABA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre1:*:*:*:*:*:*",
"matchCriteriaId": "3B8B13DE-1161-4993-BB34-8228EEE43252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre2:*:*:*:*:*:*",
"matchCriteriaId": "D7996D03-1884-4334-B43F-A5B4D9458C2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre3:*:*:*:*:*:*",
"matchCriteriaId": "6DCFC9B7-BDC7-4156-85A3-755A671C07A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre4:*:*:*:*:*:*",
"matchCriteriaId": "C98C8696-86AE-40AA-B45D-4FC46C20C60B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre5:*:*:*:*:*:*",
"matchCriteriaId": "5F75221E-F380-4ED1-9019-2A15A94E8942",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre6:*:*:*:*:*:*",
"matchCriteriaId": "0A551F1C-8798-456C-A393-69F240CFDC1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "295E82ED-4B37-4FC9-ACF6-E6525D2D7577",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc10:*:*:*:*:*:*",
"matchCriteriaId": "52D32C1C-ADAC-434D-B61E-4521E61700A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "EF430680-0EA9-44F2-B008-38C09CE391A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "A1B5FF94-35C9-46C7-9B56-FA3CCF0367A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A5FA5945-876F-4D49-8743-FD8B0A4BEBD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "758E84E7-B4D4-4502-99A2-E13FE1F1BB34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc7:*:*:*:*:*:*",
"matchCriteriaId": "A056CA07-8E63-4BC4-B788-6FA28FA6B9CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc8:*:*:*:*:*:*",
"matchCriteriaId": "437DC576-9A0F-45DD-B7DB-D3BDF8FAF306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc9:*:*:*:*:*:*",
"matchCriteriaId": "0F5E2202-1782-4583-826F-4E8D8A79D03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C34C0689-C9E7-4253-955B-EB07D48CEC97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre1:*:*:*:*:*:*",
"matchCriteriaId": "56EC1656-6577-41E9-B66A-5EAAAA5F7317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre2:*:*:*:*:*:*",
"matchCriteriaId": "E9644328-8BD9-4DC6-B390-41157761B14B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre3:*:*:*:*:*:*",
"matchCriteriaId": "BA8A973D-15C5-48A2-BF93-DBB1945D2CF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre4:*:*:*:*:*:*",
"matchCriteriaId": "952A6F77-710E-4E13-94B2-EC4853A195B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre5:*:*:*:*:*:*",
"matchCriteriaId": "54F424CF-FE0F-46A8-A62D-9C25DEC9F00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre6:*:*:*:*:*:*",
"matchCriteriaId": "8F6AAF00-5972-41DD-AB4F-6AECA14E47DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7056081A-63D6-4213-A162-CF3502D03D2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2CC13B57-6DBB-4E6B-9FEE-D99DFC6A496B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "680705E5-D484-4C7E-8E70-E30E667A666D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "19389006-AFFF-4BDB-8238-5F70758E7555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2D8320-234D-47BD-AE43-45D78B1FC2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3F506449-969A-47EC-80C3-A75B88FC53B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B4450B57-BD9D-492E-913C-436BE56ADC9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B0EEFD8-5B25-4280-BE73-3FB1C57669B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.5.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2E364882-403C-4639-B13F-8EE34DA2C7B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "917A1FA8-50C6-4B0C-B196-2EE092EBEAD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:a:*:*:*:*:*:*",
"matchCriteriaId": "9EEC829A-0933-4599-9B21-CD404411CF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:pre1:*:*:*:*:*:*",
"matchCriteriaId": "0EEC2D9F-0847-44DE-8507-ABA12254BA37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:pre2:*:*:*:*:*:*",
"matchCriteriaId": "7831E2D8-91A5-45B3-A831-55F114328881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:pre3:*:*:*:*:*:*",
"matchCriteriaId": "E7337CF4-437D-4D12-8B66-9C74C79240AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:pre4:*:*:*:*:*:*",
"matchCriteriaId": "808831CA-2565-4CEC-B9DA-8A9099ADF48A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7C785F3F-A138-4B6D-BA36-1C02E1F78370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "858B75C0-77AF-49C5-9864-FE47AC7B22DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "AA70648C-38C6-438A-8C91-D29CF06DD29C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D466A50B-02CF-422F-9D1C-8C12D7992C17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A7424517-9067-4437-8C9C-528BD7B81D37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AE679246-BAA7-487C-A002-E67FF7CBB0CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A8DB3514-4D09-4E4C-80C3-1C071251D1A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B8904EC5-C176-499D-8852-638203ED837A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A2CC7B8-6BCB-453E-AA85-CCBAEC216A6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB61EC72-D1C1-40BD-8271-4E67DBB53C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1AD0C6B-8879-4685-B63D-78BD7FBC5ECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BA6728A7-5193-49F9-8790-4D8438045683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:banu:tinyproxy:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "04EB2189-EEDB-4722-9802-79C66A5B0D5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large number of headers or (2) a large number of forged headers that trigger hash collisions predictably. bucket."
},
{
"lang": "es",
"value": "Tinyproxy antes de v1.8.3-3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (excesivo consumo de CPU y memoria) a trav\u00e9s de (1) un gran n\u00famero de cabeceras o (2) un gran n\u00famero de cabeceras falsificados con el mismo hash.\r\n"
}
],
"id": "CVE-2012-3505",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-10-09T23:55:04.393",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685281"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/50278"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/51074"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2012/dsa-2564"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/08/17/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/08/18/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1027412"
},
{
"source": "secalert@redhat.com",
"url": "https://banu.com/bugzilla/show_bug.cgi?id=110"
},
{
"source": "secalert@redhat.com",
"url": "https://banu.com/bugzilla/show_bug.cgi?id=110#c2"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685281"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50278"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/51074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2564"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/08/17/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/08/18/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027412"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://banu.com/bugzilla/show_bug.cgi?id=110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://banu.com/bugzilla/show_bug.cgi?id=110#c2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…