cvelistv5 - cve-2011-1499

CVE-2011-1499 (GCVE-0-2011-1499)

Vulnerability from cvelistv5 – Published: 2011-04-29 22:00 – Updated: 2024-08-06 22:28

Summary

acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=694658	x_refsource_CONFIRM
	http://secunia.com/advisories/44274	third-party-advisoryx_refsource_SECUNIA
	http://openwall.com/lists/oss-security/2011/04/08/3	mailing-listx_refsource_MLIST
	https://banu.com/cgit/tinyproxy/diff/?id=e8426f66…	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	https://banu.com/bugzilla/show_bug.cgi?id=90	x_refsource_CONFIRM
	http://www.debian.org/security/2011/dsa-2222	vendor-advisoryx_refsource_DEBIAN
	http://openwall.com/lists/oss-security/2011/04/07/9	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:28:41.802Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694658"
          },
          {
            "name": "44274",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44274"
          },
          {
            "name": "[oss-security] 20110408 Re: CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/04/08/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4"
          },
          {
            "name": "tinyproxy-aclc-sec-bypass(67256)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67256"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://banu.com/bugzilla/show_bug.cgi?id=90"
          },
          {
            "name": "DSA-2222",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2222"
          },
          {
            "name": "[oss-security] 20110407 CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/04/07/9"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-03-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694658"
        },
        {
          "name": "44274",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44274"
        },
        {
          "name": "[oss-security] 20110408 Re: CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/04/08/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4"
        },
        {
          "name": "tinyproxy-aclc-sec-bypass(67256)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67256"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://banu.com/bugzilla/show_bug.cgi?id=90"
        },
        {
          "name": "DSA-2222",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2222"
        },
        {
          "name": "[oss-security] 20110407 CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/04/07/9"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-1499",
    "datePublished": "2011-04-29T22:00:00",
    "dateReserved": "2011-03-21T00:00:00",
    "dateUpdated": "2024-08-06T22:28:41.802Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.8.2\", \"matchCriteriaId\": \"D51F3BA5-1282-476E-922D-1F8D265D9751\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8E01A3AF-BAED-46BB-A378-E5C62907ABA8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.5.0:pre1:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B8B13DE-1161-4993-BB34-8228EEE43252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.5.0:pre2:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7996D03-1884-4334-B43F-A5B4D9458C2C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.5.0:pre3:*:*:*:*:*:*\", \"matchCriteriaId\": \"6DCFC9B7-BDC7-4156-85A3-755A671C07A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.5.0:pre4:*:*:*:*:*:*\", \"matchCriteriaId\": \"C98C8696-86AE-40AA-B45D-4FC46C20C60B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.5.0:pre5:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F75221E-F380-4ED1-9019-2A15A94E8942\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.5.0:pre6:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A551F1C-8798-456C-A393-69F240CFDC1C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.5.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"295E82ED-4B37-4FC9-ACF6-E6525D2D7577\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.5.0:rc10:*:*:*:*:*:*\", \"matchCriteriaId\": \"52D32C1C-ADAC-434D-B61E-4521E61700A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.5.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF430680-0EA9-44F2-B008-38C09CE391A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.5.0:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"A1B5FF94-35C9-46C7-9B56-FA3CCF0367A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.5.0:rc5:*:*:*:*:*:*\", \"matchCriteriaId\": \"A5FA5945-876F-4D49-8743-FD8B0A4BEBD0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.5.0:rc6:*:*:*:*:*:*\", \"matchCriteriaId\": \"758E84E7-B4D4-4502-99A2-E13FE1F1BB34\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.5.0:rc7:*:*:*:*:*:*\", \"matchCriteriaId\": \"A056CA07-8E63-4BC4-B788-6FA28FA6B9CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.5.0:rc8:*:*:*:*:*:*\", \"matchCriteriaId\": \"437DC576-9A0F-45DD-B7DB-D3BDF8FAF306\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.5.0:rc9:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F5E2202-1782-4583-826F-4E8D8A79D03E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C34C0689-C9E7-4253-955B-EB07D48CEC97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.5.1:pre1:*:*:*:*:*:*\", \"matchCriteriaId\": \"56EC1656-6577-41E9-B66A-5EAAAA5F7317\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.5.1:pre2:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9644328-8BD9-4DC6-B390-41157761B14B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.5.1:pre3:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA8A973D-15C5-48A2-BF93-DBB1945D2CF3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.5.1:pre4:*:*:*:*:*:*\", \"matchCriteriaId\": \"952A6F77-710E-4E13-94B2-EC4853A195B2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.5.1:pre5:*:*:*:*:*:*\", \"matchCriteriaId\": \"54F424CF-FE0F-46A8-A62D-9C25DEC9F00B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.5.1:pre6:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F6AAF00-5972-41DD-AB4F-6AECA14E47DB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.5.1:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"7056081A-63D6-4213-A162-CF3502D03D2A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.5.1:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CC13B57-6DBB-4E6B-9FEE-D99DFC6A496B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.5.1:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"680705E5-D484-4C7E-8E70-E30E667A666D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.5.1:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"19389006-AFFF-4BDB-8238-5F70758E7555\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EC2D8320-234D-47BD-AE43-45D78B1FC2B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.5.2:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F506449-969A-47EC-80C3-A75B88FC53B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.5.2:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"B4450B57-BD9D-492E-913C-436BE56ADC9D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B0EEFD8-5B25-4280-BE73-3FB1C57669B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.5.3:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E364882-403C-4639-B13F-8EE34DA2C7B0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"917A1FA8-50C6-4B0C-B196-2EE092EBEAD2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.6.0:a:*:*:*:*:*:*\", \"matchCriteriaId\": \"9EEC829A-0933-4599-9B21-CD404411CF33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.6.0:pre1:*:*:*:*:*:*\", \"matchCriteriaId\": \"0EEC2D9F-0847-44DE-8507-ABA12254BA37\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.6.0:pre2:*:*:*:*:*:*\", \"matchCriteriaId\": \"7831E2D8-91A5-45B3-A831-55F114328881\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.6.0:pre3:*:*:*:*:*:*\", \"matchCriteriaId\": \"E7337CF4-437D-4D12-8B66-9C74C79240AB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.6.0:pre4:*:*:*:*:*:*\", \"matchCriteriaId\": \"808831CA-2565-4CEC-B9DA-8A9099ADF48A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.6.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"7C785F3F-A138-4B6D-BA36-1C02E1F78370\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.6.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"858B75C0-77AF-49C5-9864-FE47AC7B22DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.6.0:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA70648C-38C6-438A-8C91-D29CF06DD29C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D466A50B-02CF-422F-9D1C-8C12D7992C17\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7424517-9067-4437-8C9C-528BD7B81D37\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.6.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AE679246-BAA7-487C-A002-E67FF7CBB0CB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.6.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8DB3514-4D09-4E4C-80C3-1C071251D1A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.6.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8904EC5-C176-499D-8852-638203ED837A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A2CC7B8-6BCB-453E-AA85-CCBAEC216A6B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB61EC72-D1C1-40BD-8271-4E67DBB53C62\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A1AD0C6B-8879-4685-B63D-78BD7FBC5ECC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:banu:tinyproxy:1.8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA6728A7-5193-49F9-8790-4D8438045683\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"036E8A89-7A16-411F-9D31-676313BB7244\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server.\"}, {\"lang\": \"es\", \"value\": \"acl.c en tinyproxy antes de v1.8.3, cuando la opcion \\\"Allow Configuration\\\" especifica un bloque CIDR, permite conexiones TCP desde todas las direcciones IP, lo que facilita a los atacantes remotos a la hora de ocultar el origen del tr\\u00e1fico de Internet, aprovechando la servidor proxy HTTP abierto.\"}]",
      "id": "CVE-2011-1499",
      "lastModified": "2024-11-21T01:26:27.190",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:N/I:P/A:N\", \"baseScore\": 2.6, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 4.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2011-04-29T22:55:00.937",
      "references": "[{\"url\": \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"http://openwall.com/lists/oss-security/2011/04/07/9\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://openwall.com/lists/oss-security/2011/04/08/3\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/44274\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.debian.org/security/2011/dsa-2222\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://banu.com/bugzilla/show_bug.cgi?id=90\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=694658\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/67256\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"http://openwall.com/lists/oss-security/2011/04/07/9\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://openwall.com/lists/oss-security/2011/04/08/3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/44274\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2011/dsa-2222\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://banu.com/bugzilla/show_bug.cgi?id=90\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=694658\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/67256\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-16\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-1499\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2011-04-29T22:55:00.937\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server.\"},{\"lang\":\"es\",\"value\":\"acl.c en tinyproxy antes de v1.8.3, cuando la opcion \\\"Allow Configuration\\\" especifica un bloque CIDR, permite conexiones TCP desde todas las direcciones IP, lo que facilita a los atacantes remotos a la hora de ocultar el origen del tr\u00e1fico de Internet, aprovechando la servidor proxy HTTP abierto.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:N/I:P/A:N\",\"baseScore\":2.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-16\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.8.2\",\"matchCriteriaId\":\"D51F3BA5-1282-476E-922D-1F8D265D9751\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E01A3AF-BAED-46BB-A378-E5C62907ABA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.5.0:pre1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B8B13DE-1161-4993-BB34-8228EEE43252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.5.0:pre2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7996D03-1884-4334-B43F-A5B4D9458C2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.5.0:pre3:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DCFC9B7-BDC7-4156-85A3-755A671C07A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.5.0:pre4:*:*:*:*:*:*\",\"matchCriteriaId\":\"C98C8696-86AE-40AA-B45D-4FC46C20C60B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.5.0:pre5:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F75221E-F380-4ED1-9019-2A15A94E8942\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.5.0:pre6:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A551F1C-8798-456C-A393-69F240CFDC1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.5.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"295E82ED-4B37-4FC9-ACF6-E6525D2D7577\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.5.0:rc10:*:*:*:*:*:*\",\"matchCriteriaId\":\"52D32C1C-ADAC-434D-B61E-4521E61700A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.5.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF430680-0EA9-44F2-B008-38C09CE391A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.5.0:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1B5FF94-35C9-46C7-9B56-FA3CCF0367A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.5.0:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5FA5945-876F-4D49-8743-FD8B0A4BEBD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.5.0:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"758E84E7-B4D4-4502-99A2-E13FE1F1BB34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.5.0:rc7:*:*:*:*:*:*\",\"matchCriteriaId\":\"A056CA07-8E63-4BC4-B788-6FA28FA6B9CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.5.0:rc8:*:*:*:*:*:*\",\"matchCriteriaId\":\"437DC576-9A0F-45DD-B7DB-D3BDF8FAF306\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.5.0:rc9:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F5E2202-1782-4583-826F-4E8D8A79D03E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C34C0689-C9E7-4253-955B-EB07D48CEC97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.5.1:pre1:*:*:*:*:*:*\",\"matchCriteriaId\":\"56EC1656-6577-41E9-B66A-5EAAAA5F7317\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.5.1:pre2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9644328-8BD9-4DC6-B390-41157761B14B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.5.1:pre3:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA8A973D-15C5-48A2-BF93-DBB1945D2CF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.5.1:pre4:*:*:*:*:*:*\",\"matchCriteriaId\":\"952A6F77-710E-4E13-94B2-EC4853A195B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.5.1:pre5:*:*:*:*:*:*\",\"matchCriteriaId\":\"54F424CF-FE0F-46A8-A62D-9C25DEC9F00B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.5.1:pre6:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F6AAF00-5972-41DD-AB4F-6AECA14E47DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.5.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7056081A-63D6-4213-A162-CF3502D03D2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.5.1:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CC13B57-6DBB-4E6B-9FEE-D99DFC6A496B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.5.1:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"680705E5-D484-4C7E-8E70-E30E667A666D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.5.1:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"19389006-AFFF-4BDB-8238-5F70758E7555\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC2D8320-234D-47BD-AE43-45D78B1FC2B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.5.2:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F506449-969A-47EC-80C3-A75B88FC53B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.5.2:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4450B57-BD9D-492E-913C-436BE56ADC9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B0EEFD8-5B25-4280-BE73-3FB1C57669B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.5.3:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E364882-403C-4639-B13F-8EE34DA2C7B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"917A1FA8-50C6-4B0C-B196-2EE092EBEAD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.6.0:a:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EEC829A-0933-4599-9B21-CD404411CF33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.6.0:pre1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EEC2D9F-0847-44DE-8507-ABA12254BA37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.6.0:pre2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7831E2D8-91A5-45B3-A831-55F114328881\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.6.0:pre3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7337CF4-437D-4D12-8B66-9C74C79240AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.6.0:pre4:*:*:*:*:*:*\",\"matchCriteriaId\":\"808831CA-2565-4CEC-B9DA-8A9099ADF48A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.6.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C785F3F-A138-4B6D-BA36-1C02E1F78370\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.6.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"858B75C0-77AF-49C5-9864-FE47AC7B22DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.6.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA70648C-38C6-438A-8C91-D29CF06DD29C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D466A50B-02CF-422F-9D1C-8C12D7992C17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7424517-9067-4437-8C9C-528BD7B81D37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE679246-BAA7-487C-A002-E67FF7CBB0CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8DB3514-4D09-4E4C-80C3-1C071251D1A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8904EC5-C176-499D-8852-638203ED837A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A2CC7B8-6BCB-453E-AA85-CCBAEC216A6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB61EC72-D1C1-40BD-8271-4E67DBB53C62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1AD0C6B-8879-4685-B63D-78BD7FBC5ECC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:banu:tinyproxy:1.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA6728A7-5193-49F9-8790-4D8438045683\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"036E8A89-7A16-411F-9D31-676313BB7244\"}]}]}],\"references\":[{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"http://openwall.com/lists/oss-security/2011/04/07/9\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://openwall.com/lists/oss-security/2011/04/08/3\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/44274\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2011/dsa-2222\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://banu.com/bugzilla/show_bug.cgi?id=90\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=694658\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/67256\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"http://openwall.com/lists/oss-security/2011/04/07/9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://openwall.com/lists/oss-security/2011/04/08/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/44274\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2011/dsa-2222\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://banu.com/bugzilla/show_bug.cgi?id=90\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=694658\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/67256\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2011-1499

Vulnerability from fkie_nvd - Published: 2011-04-29 22:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493	Issue Tracking, Patch
secalert@redhat.com	http://openwall.com/lists/oss-security/2011/04/07/9	Mailing List, Third Party Advisory
secalert@redhat.com	http://openwall.com/lists/oss-security/2011/04/08/3	Mailing List, Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/44274
secalert@redhat.com	http://www.debian.org/security/2011/dsa-2222	Third Party Advisory
secalert@redhat.com	https://banu.com/bugzilla/show_bug.cgi?id=90	Broken Link
secalert@redhat.com	https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4	Broken Link
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=694658	Issue Tracking, Patch
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/67256
af854a3a-2127-422b-91ae-364da2661108	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493	Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/04/07/9	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/04/08/3	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44274
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2222	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://banu.com/bugzilla/show_bug.cgi?id=90	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=694658	Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/67256

Impacted products

Vendor	Product	Version
banu	tinyproxy	*
banu	tinyproxy	1.5.0
banu	tinyproxy	1.5.0
banu	tinyproxy	1.5.0
banu	tinyproxy	1.5.0
banu	tinyproxy	1.5.0
banu	tinyproxy	1.5.0
banu	tinyproxy	1.5.0
banu	tinyproxy	1.5.0
banu	tinyproxy	1.5.0
banu	tinyproxy	1.5.0
banu	tinyproxy	1.5.0
banu	tinyproxy	1.5.0
banu	tinyproxy	1.5.0
banu	tinyproxy	1.5.0
banu	tinyproxy	1.5.0
banu	tinyproxy	1.5.0
banu	tinyproxy	1.5.1
banu	tinyproxy	1.5.1
banu	tinyproxy	1.5.1
banu	tinyproxy	1.5.1
banu	tinyproxy	1.5.1
banu	tinyproxy	1.5.1
banu	tinyproxy	1.5.1
banu	tinyproxy	1.5.1
banu	tinyproxy	1.5.1
banu	tinyproxy	1.5.1
banu	tinyproxy	1.5.1
banu	tinyproxy	1.5.2
banu	tinyproxy	1.5.2
banu	tinyproxy	1.5.2
banu	tinyproxy	1.5.3
banu	tinyproxy	1.5.3
banu	tinyproxy	1.6.0
banu	tinyproxy	1.6.0
banu	tinyproxy	1.6.0
banu	tinyproxy	1.6.0
banu	tinyproxy	1.6.0
banu	tinyproxy	1.6.0
banu	tinyproxy	1.6.0
banu	tinyproxy	1.6.0
banu	tinyproxy	1.6.0
banu	tinyproxy	1.6.1
banu	tinyproxy	1.6.2
banu	tinyproxy	1.6.3
banu	tinyproxy	1.6.4
banu	tinyproxy	1.6.5
banu	tinyproxy	1.7.0
banu	tinyproxy	1.7.1
banu	tinyproxy	1.8.0
banu	tinyproxy	1.8.1
debian	debian_linux	6.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D51F3BA5-1282-476E-922D-1F8D265D9751",
              "versionEndIncluding": "1.8.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E01A3AF-BAED-46BB-A378-E5C62907ABA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre1:*:*:*:*:*:*",
              "matchCriteriaId": "3B8B13DE-1161-4993-BB34-8228EEE43252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre2:*:*:*:*:*:*",
              "matchCriteriaId": "D7996D03-1884-4334-B43F-A5B4D9458C2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre3:*:*:*:*:*:*",
              "matchCriteriaId": "6DCFC9B7-BDC7-4156-85A3-755A671C07A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre4:*:*:*:*:*:*",
              "matchCriteriaId": "C98C8696-86AE-40AA-B45D-4FC46C20C60B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre5:*:*:*:*:*:*",
              "matchCriteriaId": "5F75221E-F380-4ED1-9019-2A15A94E8942",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre6:*:*:*:*:*:*",
              "matchCriteriaId": "0A551F1C-8798-456C-A393-69F240CFDC1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "295E82ED-4B37-4FC9-ACF6-E6525D2D7577",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc10:*:*:*:*:*:*",
              "matchCriteriaId": "52D32C1C-ADAC-434D-B61E-4521E61700A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "EF430680-0EA9-44F2-B008-38C09CE391A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "A1B5FF94-35C9-46C7-9B56-FA3CCF0367A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "A5FA5945-876F-4D49-8743-FD8B0A4BEBD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "758E84E7-B4D4-4502-99A2-E13FE1F1BB34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "A056CA07-8E63-4BC4-B788-6FA28FA6B9CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc8:*:*:*:*:*:*",
              "matchCriteriaId": "437DC576-9A0F-45DD-B7DB-D3BDF8FAF306",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc9:*:*:*:*:*:*",
              "matchCriteriaId": "0F5E2202-1782-4583-826F-4E8D8A79D03E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C34C0689-C9E7-4253-955B-EB07D48CEC97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre1:*:*:*:*:*:*",
              "matchCriteriaId": "56EC1656-6577-41E9-B66A-5EAAAA5F7317",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre2:*:*:*:*:*:*",
              "matchCriteriaId": "E9644328-8BD9-4DC6-B390-41157761B14B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre3:*:*:*:*:*:*",
              "matchCriteriaId": "BA8A973D-15C5-48A2-BF93-DBB1945D2CF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre4:*:*:*:*:*:*",
              "matchCriteriaId": "952A6F77-710E-4E13-94B2-EC4853A195B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre5:*:*:*:*:*:*",
              "matchCriteriaId": "54F424CF-FE0F-46A8-A62D-9C25DEC9F00B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre6:*:*:*:*:*:*",
              "matchCriteriaId": "8F6AAF00-5972-41DD-AB4F-6AECA14E47DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7056081A-63D6-4213-A162-CF3502D03D2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "2CC13B57-6DBB-4E6B-9FEE-D99DFC6A496B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "680705E5-D484-4C7E-8E70-E30E667A666D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.1:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "19389006-AFFF-4BDB-8238-5F70758E7555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC2D8320-234D-47BD-AE43-45D78B1FC2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3F506449-969A-47EC-80C3-A75B88FC53B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.2:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B4450B57-BD9D-492E-913C-436BE56ADC9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B0EEFD8-5B25-4280-BE73-3FB1C57669B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.5.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "2E364882-403C-4639-B13F-8EE34DA2C7B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "917A1FA8-50C6-4B0C-B196-2EE092EBEAD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:a:*:*:*:*:*:*",
              "matchCriteriaId": "9EEC829A-0933-4599-9B21-CD404411CF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:pre1:*:*:*:*:*:*",
              "matchCriteriaId": "0EEC2D9F-0847-44DE-8507-ABA12254BA37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:pre2:*:*:*:*:*:*",
              "matchCriteriaId": "7831E2D8-91A5-45B3-A831-55F114328881",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:pre3:*:*:*:*:*:*",
              "matchCriteriaId": "E7337CF4-437D-4D12-8B66-9C74C79240AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:pre4:*:*:*:*:*:*",
              "matchCriteriaId": "808831CA-2565-4CEC-B9DA-8A9099ADF48A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7C785F3F-A138-4B6D-BA36-1C02E1F78370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "858B75C0-77AF-49C5-9864-FE47AC7B22DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "AA70648C-38C6-438A-8C91-D29CF06DD29C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D466A50B-02CF-422F-9D1C-8C12D7992C17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7424517-9067-4437-8C9C-528BD7B81D37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE679246-BAA7-487C-A002-E67FF7CBB0CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8DB3514-4D09-4E4C-80C3-1C071251D1A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8904EC5-C176-499D-8852-638203ED837A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A2CC7B8-6BCB-453E-AA85-CCBAEC216A6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB61EC72-D1C1-40BD-8271-4E67DBB53C62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1AD0C6B-8879-4685-B63D-78BD7FBC5ECC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:banu:tinyproxy:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA6728A7-5193-49F9-8790-4D8438045683",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server."
    },
    {
      "lang": "es",
      "value": "acl.c en tinyproxy antes de v1.8.3, cuando la opcion \"Allow Configuration\" especifica un bloque CIDR, permite conexiones TCP desde todas las direcciones IP, lo que facilita a los atacantes remotos a la hora de ocultar el origen del tr\u00e1fico de Internet, aprovechando la servidor proxy HTTP abierto."
    }
  ],
  "id": "CVE-2011-1499",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-04-29T22:55:00.937",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/04/07/9"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/04/08/3"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/44274"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2011/dsa-2222"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://banu.com/bugzilla/show_bug.cgi?id=90"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694658"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67256"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/04/07/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/04/08/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/44274"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2011/dsa-2222"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://banu.com/bugzilla/show_bug.cgi?id=90"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694658"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67256"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-16"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2011-1499

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-1499

Aliases

CVE-2011-1499

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-1499",
    "description": "acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server.",
    "id": "GSD-2011-1499",
    "references": [
      "https://www.debian.org/security/2011/dsa-2222"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-1499"
      ],
      "details": "acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server.",
      "id": "GSD-2011-1499",
      "modified": "2023-12-13T01:19:08.072753Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2011-1499",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493",
            "refsource": "MISC",
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493"
          },
          {
            "name": "http://openwall.com/lists/oss-security/2011/04/07/9",
            "refsource": "MISC",
            "url": "http://openwall.com/lists/oss-security/2011/04/07/9"
          },
          {
            "name": "http://openwall.com/lists/oss-security/2011/04/08/3",
            "refsource": "MISC",
            "url": "http://openwall.com/lists/oss-security/2011/04/08/3"
          },
          {
            "name": "http://secunia.com/advisories/44274",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/44274"
          },
          {
            "name": "http://www.debian.org/security/2011/dsa-2222",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2011/dsa-2222"
          },
          {
            "name": "https://banu.com/bugzilla/show_bug.cgi?id=90",
            "refsource": "MISC",
            "url": "https://banu.com/bugzilla/show_bug.cgi?id=90"
          },
          {
            "name": "https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4",
            "refsource": "MISC",
            "url": "https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67256",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67256"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=694658",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694658"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.6.0:a:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.6.0:pre1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.5.1:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.5.1:rc4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.8.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.6.0:pre4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.6.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc9:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.5.3:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.6.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.6.0:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.5.1:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.5.1:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.6.0:pre2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.6.0:pre3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.5.0:pre3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.5.0:rc7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.5.1:pre4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.5.2:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:banu:tinyproxy:1.5.2:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-1499"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-16"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20110407 CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/04/07/9"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Patch"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493"
            },
            {
              "name": "[oss-security] 20110408 Re: CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/04/08/3"
            },
            {
              "name": "https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4",
              "refsource": "CONFIRM",
              "tags": [
                "Broken Link"
              ],
              "url": "https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4"
            },
            {
              "name": "https://banu.com/bugzilla/show_bug.cgi?id=90",
              "refsource": "CONFIRM",
              "tags": [
                "Broken Link"
              ],
              "url": "https://banu.com/bugzilla/show_bug.cgi?id=90"
            },
            {
              "name": "DSA-2222",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2222"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=694658",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Patch"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694658"
            },
            {
              "name": "44274",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/44274"
            },
            {
              "name": "tinyproxy-aclc-sec-bypass(67256)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67256"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-17T01:34Z",
      "publishedDate": "2011-04-29T22:55Z"
    }
  }
}

GHSA-GF7C-J3G3-G2R4

Vulnerability from github – Published: 2022-05-17 02:00 – Updated: 2022-05-17 02:00

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-1499"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-04-29T22:55:00Z",
    "severity": "LOW"
  },
  "details": "acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server.",
  "id": "GHSA-gf7c-j3g3-g2r4",
  "modified": "2022-05-17T02:00:34Z",
  "published": "2022-05-17T02:00:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1499"
    },
    {
      "type": "WEB",
      "url": "https://banu.com/bugzilla/show_bug.cgi?id=90"
    },
    {
      "type": "WEB",
      "url": "https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694658"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67256"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/04/07/9"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/04/08/3"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/44274"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2011/dsa-2222"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-1499 (GCVE-0-2011-1499)

FKIE_CVE-2011-1499

GSD-2011-1499

GHSA-GF7C-J3G3-G2R4

Tags

Sightings

Nomenclature