CVE-2011-1499
2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
6.4 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
74.6%
acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server.
Affected configurations
References
bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493
openwall.com/lists/oss-security/2011/04/07/9
openwall.com/lists/oss-security/2011/04/08/3
secunia.com/advisories/44274
www.debian.org/security/2011/dsa-2222
banu.com/bugzilla/show_bug.cgi?id=90
banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4
bugzilla.redhat.com/show_bug.cgi?id=694658
exchange.xforce.ibmcloud.com/vulnerabilities/67256
Related
2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
6.4 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
74.6%