Lucene search

GoogleOSV:DSA-2564-1

HistoryOct 23, 2012 - 12:00 a.m.

tinyproxy - denial of service

2012-10-2300:00:00

Google

osv.dev

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

gpernot discovered that Tinyproxy, a HTTP proxy, is vulnerable to a
denial of service by remote attackers by sending crafted request
headers.

For the stable distribution (squeeze), this problem has been fixed in
version 1.8.2-1squeeze3.

For the testing distribution (wheezy), this problem has been fixed in
version 1.8.3-3.

For the unstable distribution (sid), this problem has been fixed in
version 1.8.3-3.

We recommend that you upgrade your tinyproxy packages.

CPENameOperatorVersion
tinyproxyeq1.8.2-1squeeze2
tinyproxyeq1.8.2-1squeeze1
tinyproxyeq1.8.2-1

Name	Operator	Version
tinyproxy	eq	1.8.2-1squeeze2
tinyproxy	eq	1.8.2-1squeeze1
tinyproxy	eq	1.8.2-1

References

www.debian.org/security/2012/dsa-2564

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

Related for OSV:DSA-2564-1