Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 2.6
CVE Id: CVE-2011-1499
Last Modified: 06 Sep 2011 11:16:04
Published: 29 Apr 2011 06:55:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE

CVE-2011-1499

Summary

acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server.

Vulnerable Systems

Application

  • Banu Tinyproxy 1.5.0

  • Banu Tinyproxy 1.5.1

  • Banu Tinyproxy 1.5.2

  • Banu Tinyproxy 1.5.3

  • Banu Tinyproxy 1.6.0

  • Banu Tinyproxy 1.6.1

  • Banu Tinyproxy 1.6.2

  • Banu Tinyproxy 1.6.3

  • Banu Tinyproxy 1.6.4

  • Banu Tinyproxy 1.6.5

  • Banu Tinyproxy 1.7.0

  • Banu Tinyproxy 1.7.1

  • Banu Tinyproxy 1.8.0

  • Banu Tinyproxy 1.8.1

  • Banu Tinyproxy 1.8.2


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=694658

CONFIRM - https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4

CONFIRM - https://banu.com/bugzilla/show_bug.cgi?id=90

MLIST - [oss-security] 20110408 Re: CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges

MLIST - [oss-security] 20110407 CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493

XF - tinyproxy-aclc-sec-bypass(67256)

DEBIAN - DSA-2222

SECUNIA - 44274


Last Updated: 27 May 2016 10:56:21