CVE-2011-1499

critical

Description

acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/67256

https://bugzilla.redhat.com/show_bug.cgi?id=694658

http://www.debian.org/security/2011/dsa-2222

http://secunia.com/advisories/44274

http://openwall.com/lists/oss-security/2011/04/08/3

http://openwall.com/lists/oss-security/2011/04/07/9

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493

Details

Source: Mitre, NVD

Published: 2011-04-29

Updated: 2017-08-17

Risk Information

CVSS v2

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical