CVE-2011-1499

EUVD-2011-1500
acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
banutinyproxy
𝑥
≤ 1.8.2
banutinyproxy
1.5.0
banutinyproxy
1.5.0:pre1
banutinyproxy
1.5.0:pre2
banutinyproxy
1.5.0:pre3
banutinyproxy
1.5.0:pre4
banutinyproxy
1.5.0:pre5
banutinyproxy
1.5.0:pre6
banutinyproxy
1.5.0:rc1
banutinyproxy
1.5.0:rc10
banutinyproxy
1.5.0:rc2
banutinyproxy
1.5.0:rc4
banutinyproxy
1.5.0:rc5
banutinyproxy
1.5.0:rc6
banutinyproxy
1.5.0:rc7
banutinyproxy
1.5.0:rc8
banutinyproxy
1.5.0:rc9
banutinyproxy
1.5.1
banutinyproxy
1.5.1:pre1
banutinyproxy
1.5.1:pre2
banutinyproxy
1.5.1:pre3
banutinyproxy
1.5.1:pre4
banutinyproxy
1.5.1:pre5
banutinyproxy
1.5.1:pre6
banutinyproxy
1.5.1:rc1
banutinyproxy
1.5.1:rc2
banutinyproxy
1.5.1:rc3
banutinyproxy
1.5.1:rc4
banutinyproxy
1.5.2
banutinyproxy
1.5.2:rc1
banutinyproxy
1.5.2:rc2
banutinyproxy
1.5.3
banutinyproxy
1.5.3:rc1
banutinyproxy
1.6.0
banutinyproxy
1.6.0:a
banutinyproxy
1.6.0:pre1
banutinyproxy
1.6.0:pre2
banutinyproxy
1.6.0:pre3
banutinyproxy
1.6.0:pre4
banutinyproxy
1.6.0:rc1
banutinyproxy
1.6.0:rc2
banutinyproxy
1.6.0:rc3
banutinyproxy
1.6.1
banutinyproxy
1.6.2
banutinyproxy
1.6.3
banutinyproxy
1.6.4
banutinyproxy
1.6.5
banutinyproxy
1.7.0
banutinyproxy
1.7.1
banutinyproxy
1.8.0
banutinyproxy
1.8.1
debiandebian_linux
6.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
tinyproxy
bookworm
1.11.1-2.1+deb12u1
fixed
bookworm (security)
1.11.1-2.1+deb12u1
fixed
bullseye
1.10.0-5
fixed
bullseye (security)
1.10.0-5+deb11u1
fixed
lenny
not-affected
sid
1.11.2-1
fixed
trixie
1.11.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
tinyproxy
dapper
ignored
hardy
ignored
lucid
ignored
maverick
Fixed 1.8.2-1squeeze1build0.10.10.1
released
natty
Fixed 1.8.2-1squeeze1build0.11.04.1
released
oneiric
not-affected
precise
not-affected
quantal
not-affected
raring
not-affected
saucy
not-affected
Common Weakness Enumeration
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493
http://openwall.com/lists/oss-security/2011/04/07/9
http://openwall.com/lists/oss-security/2011/04/08/3
http://secunia.com/advisories/44274
http://www.debian.org/security/2011/dsa-2222
https://banu.com/bugzilla/show_bug.cgi?id=90
https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4
https://bugzilla.redhat.com/show_bug.cgi?id=694658
https://exchange.xforce.ibmcloud.com/vulnerabilities/67256
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493
http://openwall.com/lists/oss-security/2011/04/07/9
http://openwall.com/lists/oss-security/2011/04/08/3
http://secunia.com/advisories/44274
http://www.debian.org/security/2011/dsa-2222
https://banu.com/bugzilla/show_bug.cgi?id=90
https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4
https://bugzilla.redhat.com/show_bug.cgi?id=694658
https://exchange.xforce.ibmcloud.com/vulnerabilities/67256