First published: Thu Apr 07 2011(Updated: )
acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Banu Tinyproxy | =1.7.1 | |
Banu Tinyproxy | =1.6.0-pre4 | |
Banu Tinyproxy | =1.5.0-rc6 | |
Banu Tinyproxy | =1.6.0-rc2 | |
Banu Tinyproxy | =1.5.2 | |
Banu Tinyproxy | =1.6.5 | |
Banu Tinyproxy | =1.5.1-pre5 | |
Banu Tinyproxy | =1.5.0-rc8 | |
Banu Tinyproxy | =1.6.0-pre2 | |
Banu Tinyproxy | =1.6.0-a | |
Banu Tinyproxy | =1.5.0-pre6 | |
Banu Tinyproxy | =1.5.0-pre5 | |
Banu Tinyproxy | =1.5.1-pre2 | |
Banu Tinyproxy | =1.5.3 | |
Banu Tinyproxy | =1.5.0-rc9 | |
Banu Tinyproxy | =1.5.1 | |
Banu Tinyproxy | =1.6.1 | |
Banu Tinyproxy | =1.5.1-rc3 | |
Banu Tinyproxy | =1.5.0-rc1 | |
Banu Tinyproxy | =1.6.4 | |
Banu Tinyproxy | =1.5.0-rc7 | |
Banu Tinyproxy | =1.5.2-rc1 | |
Banu Tinyproxy | =1.7.0 | |
Banu Tinyproxy | =1.5.0-pre2 | |
Banu Tinyproxy | =1.5.0-pre3 | |
Banu Tinyproxy | =1.5.0-rc10 | |
Banu Tinyproxy | =1.6.0-pre3 | |
Banu Tinyproxy | =1.8.0 | |
Banu Tinyproxy | =1.5.3-rc1 | |
Banu Tinyproxy | =1.5.1-pre6 | |
Banu Tinyproxy | =1.5.0 | |
Banu Tinyproxy | =1.6.0-pre1 | |
Banu Tinyproxy | =1.5.0-pre1 | |
Banu Tinyproxy | =1.5.1-rc4 | |
Banu Tinyproxy | =1.6.2 | |
Banu Tinyproxy | =1.5.1-pre1 | |
Banu Tinyproxy | =1.6.0-rc3 | |
Banu Tinyproxy | =1.5.0-rc2 | |
Banu Tinyproxy | =1.5.1-rc2 | |
Banu Tinyproxy | =1.5.2-rc2 | |
Banu Tinyproxy | =1.6.3 | |
Banu Tinyproxy | =1.5.1-rc1 | |
Banu Tinyproxy | =1.8.1 | |
Banu Tinyproxy | =1.5.0-rc5 | |
Banu Tinyproxy | =1.5.0-rc4 | |
Banu Tinyproxy | =1.5.1-pre3 | |
Banu Tinyproxy | =1.5.1-pre4 | |
Banu Tinyproxy | =1.6.0-rc1 | |
Banu Tinyproxy | <=1.8.2 | |
Banu Tinyproxy | =1.6.0 | |
Banu Tinyproxy | =1.5.0-pre4 | |
Debian Debian Linux | =6.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.