Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/06/22 1:16 p.m.9 views

CVE-2026-55202

A flaw was found in Tinyproxy. This vulnerability allows unauthenticated remote attackers to gain unauthorized access to internal proxy statistics or misroute requests. This is possible due to improper validation of the Host header during stathost detection, which can be exploited by injecting a...

8.8CVSS5.9AI score0.00335EPSS
Exploits0References2
OSV
OSV
added 2026/06/17 8:17 p.m.5 views

DEBIAN-CVE-2026-55202

Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to access the stats page by injecting a matching Host header or bypass detection via port manipulation. Remote attackers can trigger...

8.8CVSS5.4AI score0.00335EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 8:17 p.m.10 views

CVE-2026-55202

Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to access the stats page by injecting a matching Host header or bypass detection via port manipulation. Remote attackers can trigger...

8.8CVSS0.00335EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/17 7:13 p.m.8 views

CVE-2026-55202

Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to access the stats page by injecting a matching Host header or bypass detection via port manipulation. Remote attackers can trigger...

8.8CVSS5.4AI score0.00335EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/17 7:13 p.m.21 views

CVE-2026-55202 Tinyproxy - Stathost Detection Bypass via Host Header Manipulation

Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to access the stats page by injecting a matching Host header or bypass detection via port manipulation. Remote attackers can trigger...

8.8CVSS0.00335EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 7:13 p.m.12 views

EUVD-2026-37786

Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to access the stats page by injecting a matching Host header or bypass detection via port manipulation. Remote attackers can trigger...

8.8CVSS5.3AI score0.00335EPSS
Exploits0References3
CVE
CVE
added 2026/06/17 7:13 p.m.18 views

CVE-2026-55202

Tinyproxy (up to version 1.11.3) contains a vulnerability in stathost detection where the Host header is not properly validated. This allows unauthenticated attackers to access the stats page by injecting a matching Host header or bypass detection via port manipulation, potentially misrouting req...

8.8CVSS5.4AI score0.00335EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.15 views

PT-2026-50530

Name of the Vulnerable Software and Affected Versions Tinyproxy versions prior to 1.11.3 commit 09312a1 Description Improper validation of the Host header during stathost detection allows unauthenticated attackers to access the statistics page by injecting a matching Host header or bypassing...

8.8CVSS5.9AI score0.00335EPSS
Exploits0References11
Rows per page
Query Builder