CVE-2011-1499
First published: Thu Apr 07 2011(Updated: )
acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tinyproxy | =1.7.1 | |
| Tinyproxy | =1.6.0-pre4 | |
| Tinyproxy | =1.5.0-rc6 | |
| Tinyproxy | =1.6.0-rc2 | |
| Tinyproxy | =1.5.2 | |
| Tinyproxy | =1.6.5 | |
| Tinyproxy | =1.5.1-pre5 | |
| Tinyproxy | =1.5.0-rc8 | |
| Tinyproxy | =1.6.0-pre2 | |
| Tinyproxy | =1.6.0-a | |
| Tinyproxy | =1.5.0-pre6 | |
| Tinyproxy | =1.5.0-pre5 | |
| Tinyproxy | =1.5.1-pre2 | |
| Tinyproxy | =1.5.3 | |
| Tinyproxy | =1.5.0-rc9 | |
| Tinyproxy | =1.5.1 | |
| Tinyproxy | =1.6.1 | |
| Tinyproxy | =1.5.1-rc3 | |
| Tinyproxy | =1.5.0-rc1 | |
| Tinyproxy | =1.6.4 | |
| Tinyproxy | =1.5.0-rc7 | |
| Tinyproxy | =1.5.2-rc1 | |
| Tinyproxy | =1.7.0 | |
| Tinyproxy | =1.5.0-pre2 | |
| Tinyproxy | =1.5.0-pre3 | |
| Tinyproxy | =1.5.0-rc10 | |
| Tinyproxy | =1.6.0-pre3 | |
| Tinyproxy | =1.8.0 | |
| Tinyproxy | =1.5.3-rc1 | |
| Tinyproxy | =1.5.1-pre6 | |
| Tinyproxy | =1.5.0 | |
| Tinyproxy | =1.6.0-pre1 | |
| Tinyproxy | =1.5.0-pre1 | |
| Tinyproxy | =1.5.1-rc4 | |
| Tinyproxy | =1.6.2 | |
| Tinyproxy | =1.5.1-pre1 | |
| Tinyproxy | =1.6.0-rc3 | |
| Tinyproxy | =1.5.0-rc2 | |
| Tinyproxy | =1.5.1-rc2 | |
| Tinyproxy | =1.5.2-rc2 | |
| Tinyproxy | =1.6.3 | |
| Tinyproxy | =1.5.1-rc1 | |
| Tinyproxy | =1.8.1 | |
| Tinyproxy | =1.5.0-rc5 | |
| Tinyproxy | =1.5.0-rc4 | |
| Tinyproxy | =1.5.1-pre3 | |
| Tinyproxy | =1.5.1-pre4 | |
| Tinyproxy | =1.6.0-rc1 | |
| Tinyproxy | <=1.8.2 | |
| Tinyproxy | =1.6.0 | |
| Tinyproxy | =1.5.0-pre4 | |
| Debian Linux | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://openwall.com/lists/oss-security/2011/04/07/9
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493
- http://openwall.com/lists/oss-security/2011/04/08/3
- https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4
- https://banu.com/bugzilla/show_bug.cgi?id=90
- http://www.debian.org/security/2011/dsa-2222
- https://bugzilla.redhat.com/show_bug.cgi?id=694658
- http://secunia.com/advisories/44274
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67256
- https://banu.com/cgit/tinyproxy/commit/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4
- https://access.redhat.com/security/cve/CVE-2011-1499
- https://access.redhat.com/security/cve/CVE-2011-1843
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1843
- https://banu.com/cgit/tinyproxy/diff/?id=97b9984484299b2ce72f8f4fc3706dab8a3a8439
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=701687
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=701688
Frequently Asked Questions
What is the severity of CVE-2011-1499?
CVE-2011-1499 is considered a medium severity vulnerability due to its potential to allow unauthorized access via an open HTTP proxy.
How do I fix CVE-2011-1499?
To fix CVE-2011-1499, update Tinyproxy to version 1.8.3 or later, which addresses this vulnerability.
What types of systems are affected by CVE-2011-1499?
CVE-2011-1499 affects various versions of Tinyproxy prior to 1.8.3 running on systems that utilize allow configuration settings with CIDR blocks.
What is the impact of exploiting CVE-2011-1499?
Exploiting CVE-2011-1499 allows remote attackers to obscure the origin of web traffic, potentially facilitating malicious activity.
Are there any known exploits for CVE-2011-1499?
While specific exploits for CVE-2011-1499 have not been widely reported, the nature of the vulnerability poses risks if not mitigated.
- agent/type
- agent/first-publish-date
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/references
- agent/event
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-1499
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/banu
- canonical/tinyproxy
- version/tinyproxy/1.7.1
- version/tinyproxy/1.6.0-pre4
- version/tinyproxy/1.5.0-rc6
- version/tinyproxy/1.6.0-rc2
- version/tinyproxy/1.5.2
- version/tinyproxy/1.6.5
- version/tinyproxy/1.5.1-pre5
- version/tinyproxy/1.5.0-rc8
- version/tinyproxy/1.6.0-pre2
- version/tinyproxy/1.6.0-a
- version/tinyproxy/1.5.0-pre6
- version/tinyproxy/1.5.0-pre5
- version/tinyproxy/1.5.1-pre2
- version/tinyproxy/1.5.3
- version/tinyproxy/1.5.0-rc9
- version/tinyproxy/1.5.1
- version/tinyproxy/1.6.1
- version/tinyproxy/1.5.1-rc3
- version/tinyproxy/1.5.0-rc1
- version/tinyproxy/1.6.4
- version/tinyproxy/1.5.0-rc7
- version/tinyproxy/1.5.2-rc1
- version/tinyproxy/1.7.0
- version/tinyproxy/1.5.0-pre2
- version/tinyproxy/1.5.0-pre3
- version/tinyproxy/1.5.0-rc10
- version/tinyproxy/1.6.0-pre3
- version/tinyproxy/1.8.0
- version/tinyproxy/1.5.3-rc1
- version/tinyproxy/1.5.1-pre6
- version/tinyproxy/1.5.0
- version/tinyproxy/1.6.0-pre1
- version/tinyproxy/1.5.0-pre1
- version/tinyproxy/1.5.1-rc4
- version/tinyproxy/1.6.2
- version/tinyproxy/1.5.1-pre1
- version/tinyproxy/1.6.0-rc3
- version/tinyproxy/1.5.0-rc2
- version/tinyproxy/1.5.1-rc2
- version/tinyproxy/1.5.2-rc2
- version/tinyproxy/1.6.3
- version/tinyproxy/1.5.1-rc1
- version/tinyproxy/1.8.1
- version/tinyproxy/1.5.0-rc5
- version/tinyproxy/1.5.0-rc4
- version/tinyproxy/1.5.1-pre3
- version/tinyproxy/1.5.1-pre4
- version/tinyproxy/1.6.0-rc1
- version/tinyproxy/1.8.2
- version/tinyproxy/1.6.0
- version/tinyproxy/1.5.0-pre4
- vendor/debian
- canonical/debian linux
- version/debian linux/6.0